GUI: Resource Role-Permissions

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

GUI Reference: Resource Role-Permissions

This page allows users to view and edit the resource role-permission assignments for an individual securable resource on the hub.

To view and edit global role-permission assignments, use the Global Role-Permissions page.

See also the section on recommended combinations for resource role-permissions.

Navigating to
Page Properties
Page Contents
Navigating from
Related Tasks

Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to

Links to Resource Role-Permissions pages are marked with a black key icon. These links are available in tables of resources, pages about individual resources, and certain other locations, as shown in the following table.

Resource Type	URL
Analysis	/analysis/analysis_id-permissions.html	Table column in Project, Analysis Search Results. Link in Analysis: Analysis Details section.
Launch Daemon	/launchdaemon/launchd_id-permissions.html	Table column in Analysis Cloud/Launchd Group (launch daemon entries).
Launchd Group	/launchdaemongroup/ldgroup_id-permissions.html	Table column in Analysis Cloud/Launchd Group (launchd group entries). Link in Analysis Cloud/Launchd Group: Details section.
Named Search	/namedsearch/search_id-permissions.html	Table column in Saved Searches.
Project	/project/project_id-permissions.html	Table column in Home/Project Tree (project entries), Project Search Results. Link in Project: Project Details section.
Project Tree	/projecttree/ptree_id-permissions.html	Table column in Home/Project Tree (project tree entries). Link in Home/Project Tree page: Project Tree Details section.
Report Template	/reporttemplate/template_id-permissions.html	Links in Reports sections of Home/Project Tree, Project, Analysis. Link in Report Template Editor: toolbar.
Role	/role/role_id-permissions.html	Table column in Roles. Link in Details section of Role Users, Role Ancestors.
Saved Chart	/savedchart/schart_id-permissions.html	Button in Open a Saved Chart dialog. File menu items in Chart, Chart Table.
Warning Processor	/warningprocessor/wproc_id-permissions.html	Table column in Manage Warning Processors.

Page Properties

Output formats

CSV, JSON, XML (permissions.xsd)

Visibility Filter Applied

none

RBAC Permissions Needed

Analysis Role-Permissions:

Page Access	ANALYSIS_READ G_ADMINISTER_USERS
Page Contents/Functionality	ANALYSIS_ADMINISTER G_ADMINISTER_USERS ROLE_READ

Launch Daemon Role-Permissions:

Page Access	G_ADMINISTER_USERS LAUNCHD_READ
Page Contents/Functionality	G_ADMINISTER_USERS LAUNCHD_ADMINISTER ROLE_READ

Launchd Group Role-Permissions:

Page Access	G_ADMINISTER_USERS LAUNCHDGROUP_READ
Page Contents/Functionality	G_ADMINISTER_USERS LAUNCHDGROUP_ADMINISTER ROLE_READ

Named Search Role-Permissions:

Page Access	G_ADMINISTER_USERS NAMEDSEARCH_READ
Page Contents/Functionality	G_ADMINISTER_USERS NAMEDSEARCH_ADMINISTER ROLE_READ

Project Tree Role-Permissions:

Page Access	G_MANAGE_USERS PTREE_READ
Page Contents/Functionality	G_MANAGE_USERS PTREE_ADMINISTER ROLE_READ

Report Template Role-Permissions:

Page Access	G_MANAGE_USERS REPORTTEMPLATE_READ
Page Contents/Functionality	G_MANAGE_USERS REPORTTEMPLATE_ADMINISTER ROLE_READ

Role (Resource) Role-Permissions:

Page Access	G_ADMINISTER_USERS ROLE_READ
Page Contents/Functionality	G_ADMINISTER_USERS ROLE_ADMINISTER ROLE_READ

Saved Chart Role-Permissions:

Page Access	G_ADMINISTER_USERS SAVEDCHART_READ
Page Contents/Functionality	G_ADMINISTER_USERS ROLE_READ SAVEDCHART_ADMINISTER

Warning Processor Role-Permissions:

Page Access	G_ADMINISTER_USERS WPROCESSOR_READ
Page Contents/Functionality	G_ADMINISTER_USERS ROLE_READ WPROCESSOR_ADMINISTER

Page Contents

The following annotated screenshot shows the various parts of a Resource Role-Permissions page.

Annotated Screenshot: Resource Role-Permissions page

Standard Header

See GUI Reference: Standard Header.

Breadcrumbs

[Resource_Breadcrumbs >] Resource_Type Resource_Name : Permissions

Where Resource_Breadcrumbs depend on the resource type, and Resource_Type and Resource_Name are the type and name of the resource, respectively.

Resource_Type	Resource_Breadcrumbs	Resource_Type Resource_Name links to
Analysis	as for Analysis page breadcrumbs	Analysis
Launch Daemon	*Home > Analysis Cloud [> Other_LDGroup_Ancestors]*	no link
Launchd Group	as for Launchd Group page breadcrumbs	Launchd Group
Named Search	Home > Saved Searches	no link
Project	as for Project page breadcrumbs	Project
Project Tree	as for Project Tree page breadcrumbs	Project Tree
Report Template	Home	Report Template Editor
Role	Home > Settings	Roles
Saved Chart	Home	Chart
Warning Processor	Home	no link

Page Heading

Resource_Type Resource_Name: Permissions

Where Resource_Type and Resource_Name are the type and name of the resource, respectively.

Links and Information

Links to other RBAC-related pages:

Users
Roles
Global Role-Permissions
Root Project Tree Permissions: the Resource Role-Permissions page for the root project tree.
Root Launch Daemon Group Permissions: the Resource Role-Permissions page for the root launchd group.

Resource Role-Permissions Table

A table with one row for each role and one column for each applicable permission for the resource. Click a role name, ID, or description to navigate to the corresponding Role Users page.

If you have G_ADMINISTER_USERS permission, the table will list all roles on the hub.
Otherwise, the table will list all roles for which you have ROLE_READ permission.

The table has standard pagination controls.

The available table columns are as follows. All columns except Role ID are displayed by default.

Column Label	Column Data
Role ID	Role ID
Role	Role Name
Role Description	Role Description
*Permissions*	One column for each applicable permission for the resource. Cell contents for these columns depend on whether the corresponding role is assigned the corresponding permission, and if so, by what means: Direct assignment. Indirect assignment through role inheritance, resource inheritance (where applicable), or both. Both direct and indirect assignment. No assignment. The table legend shows how each of these cases is rendered in the table. Note that for performance reasons, role-permissions with only direct assignment are frequently rendered as "directly assigned and possibly inherited". To add or remove a direct role-permission assignment, click the corresponding table cell to add or remove the bold ("directly assigned") checkmark, then click Save Changes. (Any resulting changes to indirect assignments will be shown after you click Save Changes.) Users with G_ADMINISTER_USERS permission can modify any (mutable) role-permission assignment. Users without G_ADMINISTER_USERS must have <resourcetype>_ADMINISTER S permission to modify role-permission assignments for resource S. For example, modifying role-permission assignments for analysis A requires either G_ADMINISTER_USERS or ANALYSIS_ADMINISTER A. Note that you will not be able to modify immutable role-permission assignments.

"Save Changes" and "Clear Changes" buttons

If you have clicked in one or more of the table cells to add or remove direct role-permission assignments, the "<num> pending change(s)" notification under the table will update to show how many changes you have made since you loaded or reloaded the page.

Click Save Changes to save your changes and reload the page to show the effects of your changes on the role-permissions for this resource.

If you have added direct permission P to role R:
- R will have "directly assigned and possibly inherited" checks for P.
- Roles that are descended from R will have an "inherited" check for P.
  (There is no effect on their direct assignments, which may include P.)
If you have removed direct permission P from role R:
- R will no longer have a "directly assigned" check for P.
- R will still have an "inherited" check for P if and only if:
  - one or more ancestors of R is (directly or indirectly) assigned P (role inheritance), or
  - [ hierarchical resources only] R is (directly or indirectly) assigned P for a resource that contains the current resource (resource inheritance).
- Roles that are descended from R will still have an "inherited" check for P if and only if:
  - one or more of their ancestors is (directly or indirectly) assigned P (role inheritance), or
  - [ hierarchical resources only] they are (directly or indirectly) assigned P for a resource that contains the current resource (resource inheritance).
  (There is no effect on their direct assignments, which may include P.)
Note that if you are changing role-permissions for a hierarchical resource, there may also be changes to resource-inherited role-permissions for resources that it contains.

Click Clear Changes to restore the table to the state it was in when you loaded or reloaded the page.

Standard Footer

See GUI Reference: Standard Footer.

Navigating from

to Global Role-Permissions	Click Global Permissions in the link bar (under the page heading).
to Roles	Click Roles in the link bar (under the page heading).
to Role Users	Click the role name, ID, or description in the table.
to Users	Click Users in the link bar (under the page heading).

Related Tasks

To report problems with this documentation, please visit https://support.codesecure.com/.