GUI: Role Users

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

GUI Reference: Role Users

This page contains information about a single role and its assigned hub user accounts. It provides functionality for adding and removing direct user assignments.

Important: If you are using a hub authentication plug-in that updates a user's role assignments at login time, a role that you remove from a user on this page will be re-added to that user the next time they sign in if the plug-in determines they should have that role. There are two main cases where an authentication plug-in can have this behavior: either the LDAP plug-in has been installed and configured with one or more Role Mapping List entries, or a custom authentication plug-in implements one or more of get_user()/get_user_from_cert()/get_user_from_request() with a return value that includes a list of roles.

Navigating to
Page Properties
Page Contents
Edit Role Details
Delete the Role
Navigating from

Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to

From Global Role-Permissions:	Click the role name, ID, or description in the role-permissions table.
From Resource Role-Permissions:	Click the role name, ID, or description in the role-permissions table.
From Role Ancestors:	Click the Users tab above the table of roles.
From Roles:	Click the corresponding row in the table of roles.
URL	http://hub_location/role/role_id.html

Page Properties

Output formats

CSV, JSON, XML (role.xsd)

Visibility Filter Applied

none

RBAC Permissions Needed

Page Access	G_ADMINISTER_USERS ROLE_READ
Page Contents/Functionality	G_ADMINISTER_USERS ROLE_ASSIGN ROLE_DELETE ROLE_WRITE

Page Contents

The following annotated screenshot shows the various parts of a Role Users page.

Annotated Screenshot: Roles Page

Standard Header

See GUI Reference: Standard Header.

Breadcrumbs

Home > Settings > Roles > Role_Name
Where

Home links to the GUI Home page.
Settings links to the Settings page.
Roles links to the Roles page.
Role_Name is the Role Name.

Page Heading

Role : Role_Name

Links

Links to other RBAC-related pages: Users, Roles, Global Role-Permissions, Root Project Tree Permissions, Root Launch Daemon Group Permissions. The latter two links are to the Resource Role-Permissions pages for the root project tree and root launchd group, respectively.

Role Details

Information about the role described on this page.

Role	The role name. Click edit to change the name. (Roles that cannot be renamed will not offer this functionality.) Click remove this role to delete the role from the hub. (Roles that cannot be deleted will not offer this functionality.) To view or modify the role-permissions for the role, click permissions or to navigate to the Role (Resource) Role-Permissions page.
Description	The role description. Click edit to change the description.

Edit functionality for the role name and description requires at least one of the following permissions: G_ADMINISTER_USERS, ROLE_WRITE R for this role R.

User Table

A table with one row for each hub user account.

The table has standard pagination controls.
Click an account name, ID, or email to navigate to the corresponding User Roles page.

Click the Ancestor Roles tab above the table to navigate to the role's Role Ancestors page.

The available table columns are as follows. Columns displayed by default are marked with an asterisk (*).

Column Label	Column Data
Assigned *	Contents depend on whether or not the user is directly assigned to the role or one of its descendant roles (thereby inheriting the permissions on the role). In both direct and inherited cases, the user will have all permissions that are directly or indirectly assigned to the role. The table legend shows how each of these cases is rendered in the table. Note that for performance reasons, users with only direct assignment are frequently shown as "directly assigned and possibly inherited". To add or remove a direct assignment, click the corresponding table cell to add or remove the bold ("directly assigned") checkmark, then click Save Changes. This requires either ROLE_ASSIGN R permission for the role R that you are assigning/unassigning, or G_ADMINISTER_USERS permission. Note that you will not be able to modify immutable role assignments.
Username *	Username
User ID	User ID
Email *	Email
*Permissions*	One column for each global permission. By default, Sign In (G_SIGN_IN) is shown and the remainder are hidden. A row will have a checkmark in one of these columns if and only if the user account has the corresponding permission through one or more of its assigned roles.

"Save Changes" and "Clear Changes" buttons

[With G_ADMINISTER_USERS or ROLE_ASSIGN R permission only.]
If you have clicked in one or more of the Assigned cells to add or remove direct assignments, the "<num> pending change(s)" notification under the table will update to show how many changes you have made since you loaded or reloaded the page.

Click Save Changes to save your changes and reload the page to show the effects of your changes.

If you have added a direct assignment to a hub user account U, the row for U will now have a "directly assigned and possibly inherited" check.
If you have removed a direct assignment from a hub user account U, the row for U will no longer have a "directly assigned" check. It will still have an "inherited" check if and only if U is directly assigned a role that is a descendant of the current role.

Click Clear Changes to restore the table to the state it was in when you loaded or reloaded the page.

Standard Footer

See GUI Reference: Standard Footer.

Edit Role Details

You can change the role name and description from the role details section of the page.

Change the Role Name

Changing the name for role R requires at least one of the following permissions: G_ADMINISTER_USERS, ROLE_WRITE R.
The names of immutable roles cannot be changed.

Click edit (next to the current name). An editing form will open, as in the example below.

The text field will contain the current role name.
Enter a new name (or edit the existing one) in the text field.
Click Save to save your changes, or Cancel to cancel the changes and close the editing form.
The page will be redisplayed.
- If your change was successful, the page will now display the new role name.
- If your change failed because your new name caused conflicts (for example, because another role already has that name, or because someone else tried to change the name at the same time), CodeSonar will display an error message under the page heading.

Change the Role Description

Changing the description for role R requires at least one of the following permissions: G_ADMINISTER_USERS, ROLE_WRITE R.

The procedure for changing a role's description is very similar to that for changing its name. The differences are as follows.

Instead of clicking the edit link next to Role, click the one next to Description.

Descriptions do not have to be unique, so your change will not fail if another role already has the same description.

Delete The Role

Deleting a role R requires either ROLE_DELETE R or G_ADMINISTER_USERS permission.
Immutable roles cannot be deleted.

Any users for which this was the default role will have their default role set to Anyone.

Click on the remove this role link on the first line of the role details section.
A confirmation dialog will open.
Click Remove to remove the role, or Cancel to cancel removal and close the confirmation dialog.

Navigating from

to Global Role-Permissions	Click Global Permissions in the link bar (under the page heading).
to Roles	Click Roles in the link bar (under the page heading).
to Role Ancestors	Click the Ancestors tab above the table of users.
to User Roles	Click the corresponding row in the table of users.
to Users	Click Users in the link bar (under the page heading).

Related Tasks

To report problems with this documentation, please visit https://support.codesecure.com/.