How are roles managed in ≥ 2.x?
Roles are managed in a graphical user interface. This interface is available to users that have been assigned the ADMIN role and can be accessed by clicking the User Configuration option in the user menu:
The interface is then displayed. There are two tabs, Profiles and Users: by default the Profiles tab is displayed:
Click to enlarge
- The Profiles interface is used to manage profiles - profiles are used to assign roles and also Data authorization - 2.x and above
- The Users interface is used to assign profiles to Users/Groups
- Any changes made in the interface to assigned roles are taken into account only when the user logs out and logs back in again. Data authorizations are effective immediately.
|Options in Profile tab|
Search and Add
|Edit and Delete|
Lists all profiles that are available, by name:
On first login, a profile called "admin_profile" will be created automatically. This profile has the role "Admin" assigned to it. The first user to login and become admin (see First login and become admin) will be automatically assigned this profile.
|Assign applications by name|
These columns list the data authorizations that have been assigned to the corresponding Profile, i.e., by:
The Assign applications by tags column will NOT be visible:
You can directly modify them in this column:
|Assign applications by technology|
|Assign applications by tags|
|Options in Users tab|
Lets you search a User or a Group from the list of available Users/Groups.
This column lists all users/groups:
This columns lists all profiles that have been created in the Profiles tab and allows you to assign them to you users/groups:
Lets you edit the selected Users/Groups, i.e. change the profile assigned to the User/Group:
What roles are available?
See User roles.
Use of NO_ROLE in the user interface
The role NO_ROLE is a role that is available for use, however, this role is not directly made available in the interface to be assigned. Instead, NO_ROLE can be assigned simply by granting a Data authorization and none of the roles. For example, test_profile in the image below has no roles assigned to it, but it has one data authorization assigned (to access the application called "MEUDON") - therefore a user/group with this profile can log in and access the application but has no other permissions:
Click to enlarge
Create new profiles
To create or edit a profile, use the Profiles tab:
Click the Add button to add a new profile:
Name the profile and click the tick icon to save:
The profile will then appear in the list:
Assign or remove roles to/from profiles
To assign or remove roles to/from a profile, use the Profiles tab:
and then the expandable item in the Roles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:
If you assign All Roles or just the ADMIN role, then automatically All Applications, All Technologies and All Tags (if available) are also assigned:
Click to enlarge
Assign profiles to users/groups
Ensure you create the profile first. Then to assign or remove roles to/from a profile, use the Users tab:
and then the expandable item in the Profiles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session: