Each CollectionPro installation comes with some predefined system groups that cannot be removed but can be used to assign system rights and permissions. You can add your own groups by clicking the plus button in the bottom left corner. To delete a group, select it and click the minus button. To copy a group, select it and click on “Copy” in the bottom right corner of the group settings. Use the search filter to search for the name, internal name, internal comment, or reference of groups. You can also filter for the group types “easydb” and “system”.

Typical groups include:
- Administrators
- Content Editors / Power Users
- Readers / Staff
Because users can be associated with multiple groups, you can, for example, create a “Reader” group (which gives them access to records without download permissions) and an “Authorized to download” group (which additionally gives them download permissions).
If you are working with different departments / projects that should only work in their own pools, you should create a separate group of editors and readers for each department / project.
System groups
Each CollectionPro installation has the following predefined system groups that are automatically assigned to users:
Group | Description |
---|---|
All users | This group includes all users, including system users, anonymous users, LDAP and SSO users, and local users. |
All but system users | This group includes all users except system users, such as “deep_link” and “oai_pmh”. |
Anonymous users | This group includes all users who use the system without a user account. Note! External access must be enabled in the base configuration. |
Anonymous Collection Users (formerly “Pseudo users to see single collections”) | This group includes all users that were created when a collection was shared with external users who don’t need to sign in. |
Fallback Group | This group does not include any users. When the group that is the owner of the records is deleted, this “Fallback Group” is set as the owner instead. |
LDAP users | This group includes all users who log in via LDAP. |
Normal users | This group includes all users created locally in CollectionPro. |
Self-registered users | This group includes all users who have registered. Note! Registration must be enabled in the base configuration. |
SSO users | This group includes all users who sign in via SSO. |
Users invited by e-mail | This group includes all users who were created when a collection or export was shared to an e-mail address. |
Group settings
It is possible to extend the group settings with custom plugins.
General

Field | Description |
---|---|
ID | The group identifier. Given automatically. |
Owner | The name of the user who created the group. |
Type | The type of group. Local groups are of the “easydb” type. Groups of type “system” cannot be deleted. |
Name | Name of the group. |
Internal Name | The internal name of the group. Not shown anywhere else. |
Comment | Internal comment of the group. Not shown anywhere else. |
Reference | Group reference. Must be unique. |
IP Subnet Filter | Add an IP subnet filter if users should belong to this group only when they log in from specific IP subnets. CIDR notation is accepted, for example: 192.168.0.0/16, 2001:db8::/32. For more information, see the documentation: https://pkg.go.dev/net#ParseCIDR |
Invert IP Subnet Filter | Yes / No |
Displays the default settings for new users in this group. If nothing is set, the default system settings will be used. Includes: – search result settings – pools for the search – object types for the search – data languages – search languages – filter on/off If a user belongs to multiple groups that have preferences, they will receive the preferences of the first group. | |
Created | The date and time the group was created. |
Last Updated | The date and time the group was last updated. |
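
The following Go sketch is an added example, not CollectionPro code: it shows how an IP subnet filter and its invert switch can be evaluated with `net.ParseCIDR`, including malformed entries and IPv4-mapped IPv6 client addresses. The `SubnetFilter` type, its methods, and the reading of "invert" as "member only when the login comes from outside the listed subnets" are assumptions.

```go
package main

import (
	"fmt"
	"net"
)

// SubnetFilter models a group's "IP Subnet Filter" and "Invert IP Subnet Filter"
// fields (hypothetical type, not CollectionPro's own).
type SubnetFilter struct {
	Nets   []*net.IPNet
	Invert bool
}

// NewSubnetFilter parses each entry with net.ParseCIDR and rejects the whole
// filter on the first malformed one, so a typo cannot silently change membership.
func NewSubnetFilter(cidrs []string, invert bool) (*SubnetFilter, error) {
	f := &SubnetFilter{Invert: invert}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("subnet filter entry %q: %w", c, err)
		}
		f.Nets = append(f.Nets, n)
	}
	return f, nil
}

// Applies reports whether a login from clientIP puts the user in the group.
// Assumptions: Invert means "only from outside the listed subnets", and an
// unparsable client address never satisfies the filter.
func (f *SubnetFilter) Applies(clientIP string) bool {
	ip := net.ParseIP(clientIP)
	if ip == nil {
		return false
	}
	inside := false
	for _, n := range f.Nets {
		inside = inside || n.Contains(ip)
	}
	return inside != f.Invert
}

func main() {
	// Constructed sample using the two example subnets from the field description.
	f, _ := NewSubnetFilter([]string{"192.168.0.0/16", "2001:db8::/32"}, false)
	for _, ip := range []string{"192.168.10.7", "203.0.113.9", "2001:db8::1"} {
		fmt.Printf("%-14s in group: %v\n", ip, f.Applies(ip))
	}
}
```
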
System rights
Define which sections users in the user group should have access to and which features they are allowed to use.
Permissions
Define which other users or user groups should be able to access (read, write, delete) this group and/or the users in this group.

Pseudonymization
Define which data of a user in this group is retained, deleted, or pseudonymized when archiving.

Option | Description | Available for field |
---|---|---|
Keep | When a user is archived, the contents of the field are preserved. | – Login – First name – Last name – Display name – Department |
Randomize | When a user is archived, the contents of the field are replaced with a random string. | – Login – First name – Last name – Display name – Department |
Clear | When a user is archived, the contents of the field are deleted. | – Login – First name – Last name – Display name – Department |
Authentication Services
If you are using a third-party user management such as LDAP or SSO, you can define a group mapping here and automatically map groups used in SSO or LDAP to groups in CollectionPro whenever a user logs in.

Method | Description |
---|---|
Group name (eq) | The group name from LDAP/SSO must match this string exactly. |
Regular expression (regexp) | Group names from LDAP/SSO must match a regular expression. Example: students.* corresponds to the LDAP/SSO group students and the group students-alumni, but not to the group named student. For more information, see the documentation https://pkg.go.dev/regexp#Match. |
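
An added Go example (not CollectionPro's own code) of the two mapping methods. It assumes `regexp` mappings follow the semantics of the linked `regexp.Match`, which reports a match anywhere in the name, so it also shows the same pattern anchored with `^` and `$`; the `Mapping` type and `Resolve` function are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Mapping is one group-mapping rule (hypothetical type, not CollectionPro's own).
type Mapping struct {
	Method  string // "eq" or "regexp", as in the table above
	Pattern string
	Group   string // CollectionPro group to assign on a match
}

// Matches evaluates the rule against one LDAP/SSO group name.
// Assumption: "regexp" behaves like regexp.MatchString, which succeeds when the
// pattern matches anywhere in the name unless it is anchored with ^ and $.
func (m Mapping) Matches(external string) (bool, error) {
	switch m.Method {
	case "eq":
		return external == m.Pattern, nil
	case "regexp":
		return regexp.MatchString(m.Pattern, external)
	}
	return false, fmt.Errorf("unknown method %q", m.Method)
}

// Resolve returns the groups granted for the external groups seen at login.
func Resolve(rules []Mapping, external []string) ([]string, error) {
	var out []string
	for _, r := range rules {
		for _, e := range external {
			ok, err := r.Matches(e)
			if err != nil {
				return nil, fmt.Errorf("rule for %q: %w", r.Group, err)
			}
			if ok {
				out = append(out, r.Group)
				break
			}
		}
	}
	return out, nil
}

func main() {
	// Constructed sample: the page's pattern beside an anchored variant.
	rules := []Mapping{{"regexp", `students.*`, "Readers"}, {"regexp", `^students.*$`, "Readers-anchored"}}
	fmt.Println(Resolve(rules, []string{"former-students"}))
}
```

Under that assumption, a mapping meant to cover only names that begin with `students` should be written `^students.*$`, and mappings that grant elevated groups are safer with the exact-match method.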
Users
Displays all users who belong to this group.
