Hub User Account

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

Hub User Accounts

This page describes the properties of a CodeSonar hub user account and describes the ways in which such accounts can be created, modified, and deleted.

Introduction
Properties
Built-in Users
Viewing and Modifying User Information
Creating Hub User Accounts
User Control

Introduction

Hub user accounts are used to control access to hub functionality and to indicate ownership and provenance for CodeSonar activities.

Hub user account credentials are used for authentication.

Each user account is associated with one or more RBAC roles. The permissions held by a user's roles control the user's access to CodeSonar functionality.

If a user does not have G_SIGN_IN permission, then they cannot be authenticated and so cannot authorize any functionality, even if they hold all other required permissions.
This includes the special Anonymous user.
Some GUI page types are unavailable or have restricted functionality unless certain permissions are held.
Appropriate permissions are also required in order to perform other operations that interact with a hub. These include performing a build/analysis, starting a launch daemon, shutting down a hub, and obtaining hub information.
The permissions held by other users can also affect functionality. For example, you can only set a warning's Owner to a user who has ANALYSIS_OWN_WARNINGS permission for the relevant analysis.

Properties

This section describes each of the properties of a user account. The full list of properties is (in alphabetical order):

Default Role
Email
Email Alerts?
Last Login Address
Last Login Time
Password

Roles
Sessions
User Certificates
User ID
Username
Visibility Defaults

User account properties are subject to access control: the permissions required to modify account properties are noted in the table below.

Property ( Search Language Field Name, if any)	Description	Modifying
Default Role ( default_role )	The user's default role (must be one of their assigned roles).	Change own default role: Settings: Account tab. No permission requirements. Change default role for another user (requires user control): Account Editor: Account Settings tab. Note that the default role can only be selected from the user's set of assigned roles.
Email ( email )	The email address for the account. Will have special value NULL if an email address was not supplied when the account was created, and the email has not been subsequently changed to a concrete value. When email is NULL and the user has G_CHANGE_OWN_EMAIL permission, they will be prompted to provide an email address when they sign in, and will not be able to proceed until they do so. Email cannot be changed from a concrete value to NULL.	Change own email (requires G_CHANGE_OWN_EMAIL permission): Settings: Account tab. Change email for another user (requires user control): Account Editor: Account Settings tab. If email has special value NULL, a concrete email for the account can also be set in the Bulk Add Users page. If a third-party authentication service specifies an email address for a user at sign-in time, the user's Email will be automatically updated to that address if Email is NULL or the user does not have G_CHANGE_OWN_EMAIL permission.
Email Alerts? ( alerts )	"True" if the user account will receive email notification of any changes they make, and of any changes made to warnings for which they are the Owner, "false" otherwise. Notifications will be sent to the address specified by Email.	Change own email alerts setting (requires G_CHANGE_OWN_EMAIL_ALERTS permission): Settings: Account tab. Change email alerts setting for another user (requires user control): Account Editor: Account Settings tab.
Last Login Address ( last_login_address )	The IP address of the machine from which the user last signed in. Will have special value NULL if the user has never signed in.	Managed automatically by the hub.
Last Login Time ( last_login_time )	The date and time at which the user last signed in.	Managed automatically by the hub.
Password	The password for the hub user account. Will have special value NULL if no password was supplied when the account was created, and the password has not been subsequently changed to a concrete value. When password is NULL, the user can only be authenticated by third-party authentication services (if any are configured). Length and character class requirements for hub user account passwords can be configured from the Settings: Password Policy tab. Under default settings, a password must meet the following requirements. Minimum length: 12 characters Minimum number of character classes (e.g. 'upper case', 'lower case', 'digit'): 3 The password cannot be changed from a concrete value to NULL.	Change own password (requires G_CHANGE_OWN_PASSWORD permission): Change the password in the Settings: Account tab. This functionality is not available if the password has special value NULL. Reset the password in the Sign In: Forgot Password tab. This requires G_RECOVER_OWN_PASSWORD in addition to G_CHANGE_OWN_PASSWORD. Change password for another user (requires user control): Account Editor: Account Settings tab.
Roles	The set of RBAC roles that are assigned to the user.	From User perspective: User Roles From Role perspective: Role Users Assigning or unassigning a role R requires either G_ADMINISTER_USERS or both ROLE_READ R and ROLE_ASSIGN R.
Sessions	The set of user sessions currently associated with the user. (That is, the set of sessions for which they are the Session User).	User Sessions There are several mechanisms for creating and ending sessions: some manually invoked and some automatic. For full details, see User Sessions and Anonymous Sessions.
User Certificates	The (possibly empty) set of TLS certificates stored by the hub to support certificate-based authentication for the user. Note that the user will only be able to sign in with these certificates if additional requirements are also met. For more information, see TLS Certificates: User Certificates.	User Certificates. Changing your own certificates requires G_CHANGE_OWN_CERTIFICATES permission; changing certificates for another user requires user control).
User ID	A unique numeric identifier for the account.	Cannot be modified.
Username ( name )	The unique name associated with the account.	Cannot be modified.
Visibility Defaults	The default visibility filter settings for the user. There is a default setting for each search domain: warnings, files, code, procedures, metrics, analyses, projects, warning categories, and users.	Account Editor: Visibility Settings tab. Modifying the visibility defaults for any user requires user control. The menus on the Account Editor: Visibility Settings tab contain only the saved searches for which the user has NAMEDSEARCH_READ and NAMEDSEARCH_EXISTS permissions.

Built-in Users

CodeSonar ships with three special user accounts: Administrator, Anonymous and Default Template User. The Administrator and Anonymous accounts cannot be renamed or deleted, and have additional special constraints.

For all three special accounts, the following initial settings apply. Other initial settings are described in the table below.

Default Role	Anyone
Email	NULL
Email Alerts?	"True"
Password	NULL
Visibility Defaults	Visible Warnings: active not clustered; All other domains: all

Administrator	A special account built into every hub. The Administrator account always has the special Administrator role, which has a broad set of immutable permissions. The initial password for Administrator is specified when the hub is started. It can be modified in the same ways as passwords for other accounts; it can also be reset by restarting the hub with the -setadminpw option included in the codesonar hub-start command. Changing the Administrator password will also change the password for special PostgreSQL user cshubuser. The Administrator password cannot be changed from satellite hubs; changing the Administrator password on a primary hub will cause its satellite hubs to shut down. Satellite hubs can only be set up by the Administrator account (it is not sufficient to use another account with the Administrator role). Initially, this account has roles Administrator , Anyone, and Enabled.
Anonymous	The user account that is implicitly associated with all hub users who are not signed in. This is a special account that exists only to associate roles (and thus role-permissions) with those users. Anonymous browsing is available if and only if Anonymous has G_SIGN_IN permission through one or more of its assigned roles. Anonymous will always be treated as if it doesn't have certain permissions, even if its assigned roles would otherwise confer those permissions. In particular, it cannot be explicitly signed into, even if its associated roles confer G_SIGN_IN and one or both of G_SIGN_IN_CERTFICATE, G_SIGN_IN_PASSWORD. For a full list, see Role-Permissions: Negated Role-Permissions for Anonymous. Initially, this account has roles Anyone and Enabled.
Default Template User	An initial "ordinary user" provided so that it can be used as a template user for account creation on new hubs. The hub's default template user is initially this user. Initially, this account has roles Anyone and User. It does not initially have the Enabled role: it is not designed to be signed into directly. This account can be modified, renamed, and deleted.

Administrator

A special account built into every hub. The Administrator account always has the special Administrator role, which has a broad set of immutable permissions.

The initial password for Administrator is specified when the hub is started. It can be modified in the same ways as passwords for other accounts; it can also be reset by restarting the hub with the -setadminpw option included in the codesonar hub-start command. Changing the Administrator password will also change the password for special PostgreSQL user cshubuser. The Administrator password cannot be changed from satellite hubs; changing the Administrator password on a primary hub will cause its satellite hubs to shut down.

Satellite hubs can only be set up by the Administrator account (it is not sufficient to use another account with the Administrator role).

Initially, this account has roles Administrator , Anyone, and Enabled.

Anonymous

The user account that is implicitly associated with all hub users who are not signed in. This is a special account that exists only to associate roles (and thus role-permissions) with those users. Anonymous browsing is available if and only if Anonymous has G_SIGN_IN permission through one or more of its assigned roles.

Anonymous will always be treated as if it doesn't have certain permissions, even if its assigned roles would otherwise confer those permissions. In particular, it cannot be explicitly signed into, even if its associated roles confer G_SIGN_IN and one or both of G_SIGN_IN_CERTFICATE, G_SIGN_IN_PASSWORD. For a full list, see Role-Permissions: Negated Role-Permissions for Anonymous.

Initially, this account has roles Anyone and Enabled.

Default Template User

An initial "ordinary user" provided so that it can be used as a template user for account creation on new hubs. The hub's default template user is initially this user.

Initially, this account has roles Anyone and User. It does not initially have the Enabled role: it is not designed to be signed into directly.

This account can be modified, renamed, and deleted.

Viewing and Modifying User Information

Hub user account information can be viewed and modified at various locations in the CodeSonar web GUI, as shown in the following table. See individual GUI reference pages (linked in the leftmost table column) for full details of functionality and required permissions.

Page	Tab	Description
Account Editor	Account Settings tab	View and modify the following properties for an individual ordinary user: Password, Email, Email Alerts, Default Role. Link to User Roles, User Certificates and User Sessions pages.
	Visibility Settings tab	View and modify the Visibility Defaults for an individual user.
	Delete User tab	Delete a user account from the hub.
Role Users	-	Edit the role/user mapping from the perspective of a single role.
Settings	Account tab	View and modify the following user account properties: Password, Email, Email Alerts, Default Role. Link to User Roles, User Certificates and User Sessions pages.
User Certificates	-	View and modify the TLS certificates for a user.
User Roles	-	Edit the role/user mapping from the perspective of a single user.
Users	-	View summary information about all users; view and modify the default template user selection; link to Account Editor pages.

Creating Hub User Accounts

There are four mechanisms for creating a user account on a CodeSonar hub.

Create Account	Use the Create Account page or the Create Account tab of the GUI Sign-In page to create a new account.
Bulk Add Users	Use the Bulk Add Users page to create multiple new accounts in a single operation.
Third-Party Authentication	Sign into the hub using one of the third-party authentication services configured for the hub and let the hub take care of automatically creating a corresponding account.
Annotation Import	Importing annotations will cause a new hub user account to be created for every Owner that is attested in at least one imported annotation tuple but does not already have a corresponding hub user account.

	Permissions Required	Initial Hub Account Property Values (remaining properties are as for the template user)
	Permissions Required	Password	Email	Has Enabled role?
Create Account	G_CREATE_USER G_ADMINISTER_USERS or G_MANAGE_USERS	as specified; cannot be NULL	as specified; cannot be NULL	If and only if "Enabled" is selected in the form.
Bulk Add Users	G_CREATE_USER G_ADMINISTER_USERS or G_MANAGE_USERS	NULL	NULL unless otherwise specified	If and only if "Enable Users" is selected in the form.
Third-Party Authentication	G_CREATE_USER G_ADMINISTER_USERS	NULL	as provided by the authentication service, or NULL if none is provided.	yes
Annotation Import	G_CREATE_USER G_ANNOTATION_IMPORT	NULL	NULL	no

Template Users for Account Creation

When a new hub user account or set of accounts is created, some of its initial settings are copied from those of another user, referred to as the template user. This includes user accounts created by third party authentication plug-ins (in which case the template user is specified as part of the plug-in configuration) and accounts created due to annotation import (in which case the template user is specified at import time).

The set of available template users is restricted to those over which the creating user has user control. If this set is empty, the template user will be the default template user.

Hub user account properties copied from template

The following properties are copied from the template user to the new hub user account at account creation time. There is no ongoing relationship between the template user and the new account once this initialization is completed.

Default Role
Email Alerts?
User Roles, except that the special Enabled role is never copied from the template user to the new account.
The assignment (or not) of the Enabled role to the new account depends on the account creation mechanism.
Visibility Defaults

Default template user

The default template user is a hub-wide setting: a designated hub account that will be the template user for all new accounts created by users who do not have G_ADMINISTER_USERS permission.

Any user on the hub (including deactivated users) can be the default template user.

The current default template user selection can be viewed and modified on the Users page by users with G_ADMINISTER_USERS permission. Users without this permission cannot view or modify the default template user.

When a new hub is set up, its initial default template user is special user Default Template User.

User Control

User control over a specific hub user account requires one of the following sets of permissions.

G_ADMINISTER_USERS
or
G_MANAGE_USERS and ROLE_ADMINISTER R for every role R that the user is assigned.

With user control over a hub user account U, you can do the following.

Modify U's Password, Email, Email Alerts, Default Role, User Certificates, Sessions, and Visibility Defaults.
Delete U.
Choose U as the template user when creating a new user account.
Choose U as the template user or authorizing user (or both) when configuring a third-party hub authentication service.
Be the authorizing user for a hub authentication service that has U as its template user.
Set U as the default template user for the hub.
Sign in as U (from the Sign In tab of the Account Editor).

To report problems with this documentation, please visit https://support.codesecure.com/.