Summary: this page describes how to grant/revoke existing roles to your users and groups.

A user with the ADMIN or SUPER ADMIN role is required.

Introduction

The Users panel enables you to grant/revoke existing roles to your users and groups:

When clicked, a list of existing users/groups and their assigned roles is displayed:

  • The current logged in user is never displayed in this list - to manage roles for the current user you will need to log in with another user that has the ADMIN or SUPERADMIN role.
  • When local authentication mode is active:
    • it is not possible to create groups, therefore assigning roles or Application data access permissions to groups is also not possible.
    • all users (except the current logged in user) that have been created in the application-security-local.xml will be listed.
  • When LDAP, Active Directory or SAML authentication modes are active:
    • Only users/groups that have specifically been assigned a role will be listed (note that groups are not supported when SAML authentication mode is active).
    • Groups are taken directly from the back-end LDAP/Active Directory system and must therefore be created there before they can be exploited in CAST Imaging.
  • When SAML authentication mode is active:
    • Granting roles/permissions to groups is supported in ≥ 2.9.0 (not supported in previous releases).

Available when local authentication and LDAP authentication modes are active:

  • Local authentication: allows you to search for and highlight a specific user in the list.
  • LDAP authentication: allows you to search the LDAP server for a specific user or group you want to assign a role to:

Grants the Tutorial permission to users/groups that do not have the ADMIN or SUPER ADMIN role. See below.

Deletes all roles/permissions that have been granted to a user or group already. See below.

Allows you to bulk edit the roles for multiple users/groups. See below.

Assign a role or roles to users or groups

Choose the role or roles you require using the drop down list (you can create new roles in the Roles panel). When assigning multiple roles, the role with the most permissive behaviour will override other roles.

Bulk assign

You can also (in ≥ 2.10) assign roles to multiple users/groups in one go by selecting the user/group and then using the edit icon:

Then select the role(s) you require - you can select multiple roles. The selected roles will be applied to the user/group:

Note that if the user/group already has existing roles assigned to it, then the newly selected roles will be assigned in addition to those existing roles (i.e. the existing role assignments are not changed).

LDAP/SAML authentication

Adding users/groups to the list

If an authentication mode other than "local" is active and the user/group has never been granted a permission, the user/group will not be visible in the list. Therefore, to find the user/group:

Using LDAP

You will need to search for the user/group because it will not be displayed in the table:

Using Active Directory/SAML

In these modes, the search mechanism is not available, instead, you will need to specifically use the Add user/group icon to add a user or group with an identical name to the user or group you want to grant the role or permission to:

Note that when using SAML authentication, you MUST ensure that the login/user name that you add exactly matches the login/username in the SAML directory. For example if the login uses a mixture of upper and lowercase characters, ensure that these are also used in CAST Imaging.

Grant the Tutorial permission to users/groups

To allow users/groups to use the Tutorial feature, you will need to grant the permission on a user or group basis. Select the user/group you want to grant these permissions to (1), and then click the icon highlighted in the top right (2):

Then enable the required permission and click Update:

The changes will be saved automatically.

Editing/deleting existing roles assignments

Edit existing role assignments

If you need to edit existing roles for a user/group, you can use the dropdown list to change the role that has been assigned:

You can also (in ≥ 2.10) edit/delete roles for multiple users/groups in one go if they all have the SAME roles assigned to them. Select the user/group and then use the edit icon:

Click the role(s) you want to remove - you can select multiple roles. The selected roles will then be removed from the user/group:

Delete role assignments

To delete all roles/permissions that have been granted to a user or group already, use the delete icon on the selected users/groups:

You will be prompted to confirm the choice:

The user or group will now have no roles or permissions assigned to it.