Created by James Hurrell on Jun 30, 2021

Summary: This section describes how to configure roles for users/groups in ≥ 1.x.

How are roles managed in 1.x?

Roles are managed in the following file (which is common to all authentication modes):

WAR 1.x
CATALINA_HOME\webapps\<dashboard>\WEB-INF\roles.xml

Granting roles to users

To grant a role, enter a new line in the roles.xml file (one "role-assignment" line per user). In the following example, we have added the ADMIN role to the user Bill:

<root>
   <role-assignment user="Bill" role="ADMIN"/>
</root>

To grant a role to multiple users, enter a new line in the roles.xml file (one "role-assignment" line per user):

<root>
   <role-assignment user="Bill" role="ADMIN"/>
   <role-assignment user="Fred" role="ADMIN"/>
</root>

It is possible to grant multiple roles to a single user if required. Place each role on one line. For example, to add the roles ADMINQUALITY_MANAGER, EXCLUSION_MANAGER and QUALITY_AUTOMATION_MANAGER roles to the user Bill:

<root>
	<role-assignment user="Bill" role="ADMIN"/>
	<role-assignment user="Bill" role="QUALITY_MANAGER"/>
	<role-assignment user="Bill" role="EXCLUSION_MANAGER"/>
	<role-assignment user="Bill" role="QUALITY_AUTOMATION_MANAGER"/>
</root>

Following any changes you make, save the roles.xml file and then restart your application server so that the changes are taken into account.

Granting roles to groups

Note that when configuring roles for LDAP users, you must use the full Common Name (CN) of the group.

To grant a role, enter a new line in the roles.xml file (one "role-assignment" line per group). In the following example, we have added the ADMIN role to the group corporate.admins:

<root>
	<role-assignment group="corporate.admins" role="ADMIN"/>
</root>

To grant a role to multiple groups, enter a new line in the roles.xml file (one "role-assignment" line per group):

<root>
   <role-assignment group="corporate.admins" role="ADMIN"/>
   <role-assignment group="corporate.it" role="ADMIN"/>
</root>

It is possible to grant multiple roles to a single group if required. Place each role on one line. For example, to add the roles ADMINQUALITY_MANAGER, EXCLUSION_MANAGER and QUALITY_AUTOMATION_MANAGER roles to the group corporate.admins:

<root>
	<role-assignment group="corporate.admins" role="ADMIN"/>
	<role-assignment group="corporate.admins" role="QUALITY_MANAGER"/>
	<role-assignment group="corporate.admins" role="EXCLUSION_MANAGER"/>
	<role-assignment group="corporate.admins" role="QUALITY_AUTOMATION_MANAGER"/>
</root>

Following any changes you make, save the roles.xml file and then restart your application server so that the changes are taken into account.