Merge pull request #263287 from shikhagarg1/main

details about user root group in ACL

Author: prmerger-automator[bot]

articles/energy-data-services/how-to-manage-acls.md

@@ -13,6 +13,25 @@ ms.custom: template-how-to
 
 In this article, you learn how to add or remove ACLs from the data record in your Azure Data Manager for Energy instance.
 
+## Create a data group as ACL
+Run the following curl command in Azure Cloud Shell to create a new data group, e.g., data.sampledb.viewer, in the specific data partition of the Azure Data Manager for Energy instance.
+
+**Request format**
+
+```bash
+    curl --location --request POST "https://<URI>/api/entitlements/v2/groups/" \
+    --header 'data-partition-id: <data-partition>' \
+    --header 'Authorization: Bearer <access_token>'
+    --data-raw '{
+       "description": "<data-group-description>",
+       "name": "data.sampledb.viewer"
+    }
+```
+
+users.data.root entitlement group is the default member of all data groups when groups are created. If you try to remove users.data.root from any data group, you get error since this membership is enforced by OSDU. 
+
+In case, a data record has 2 ACLs, ACL_1 and ACL_2, and a given user is member of ACL_1 and users.data.root, now if you remove this given user from  ACL_1, the user remains to have access of the data record via users.data.root group. 
+
 ## Create a record with ACLs
 
 **Request format**
@@ -179,6 +198,7 @@ If you delete the last owner ACL from the data record, you get the error.
 }
 ```
 
+
 ## Next steps
 
 After you add ACLs to the data records, you can: