Summary: This section describes how to configure roles for users.

Introduction

Each dashboard has a variety of roles available that can be granted to users and groups of users. The purpose of roles is to grant additional permissions for specific situations and features.

What roles are available?

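For each role, availability is listed for the Health Dashboard, the Engineering / Security Dashboard and the RESTAPI, followed by notes.

ADMIN - Health Dashboard: yes; Engineering / Security Dashboard: yes; RESTAPI: yes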

The ADMIN role provides permission to execute the following actions:

Health Dashboard

Engineering Dashboard

A user with the role ADMIN cannot interact with the Action Plan / Exclusion list / Education list - this requires the QUALITY_MANAGER/EXCLUSION_MANAGER/QUALITY_AUTOMATION_MANAGER roles (see below).

All dashboards

In addition, a user with the ADMIN role:

  • will automatically be granted authorization to access all Applications (allApplications authorization - see Data authorization)

  • does not require a license key to access the data in the CAST Dashboard Service (not applicable to Health Dashboard) - see Dashboard Service license key configuration

  • will gain admin specific options via the username button

  • will get the Check for update option in the user profile drop-down. This option checks whether the current Dashboard is up-to-date or whether a new release is available. See: Engineering Dashboard - GUI

You should use this role with caution!

QUALITY_MANAGER - Health Dashboard: no; Engineering / Security Dashboard: yes; RESTAPI: no

The QUALITY_MANAGER role provides permission to add and remove objects from the Action Plan and to use the Engineering Dashboard - Action Plan Recommendation feature. A user granted this role ALSO requires additional authorization to access Applications data - they will not be permitted to log in if an authorization is not configured - see Data authorization.

EXCLUSION_MANAGER - Health Dashboard: no; Engineering / Security Dashboard: yes; RESTAPI: no

The EXCLUSION_MANAGER role provides permission to add and remove objects from the Exclusion list. A user granted this role ALSO requires additional authorization to access Applications data - they will not be permitted to log in if an authorization is not configured - see Data authorization.

QUALITY_AUTOMATION_MANAGER - Health Dashboard: no; Engineering / Security Dashboard: yes; RESTAPI: no

The QUALITY_AUTOMATION_MANAGER role provides permission to add and remove objects from the Education list. A user granted this role ALSO requires additional authorization to access Applications data - they will not be permitted to log in if an authorization is not configured - see Data authorization.

CODE_RESTRICTED - Health Dashboard: no; Engineering / Security Dashboard: yes; RESTAPI: yes

The CODE_RESTRICTED role prevents users from viewing source code in the Engineering Dashboard. When this role is enabled, the dashboard displays a message when an attempt is made to view the source code of a violation.

  • This role is available in ≥ 1.11.0.
  • A user granted this role ALSO requires additional authorization to access Applications data - they will not be permitted to log in if an authorization is not configured - see Data authorization.

NO_ROLE - Health Dashboard: yes; Engineering / Security Dashboard: yes; RESTAPI: yes

The NO_ROLE role is a "read-only" role - it does not grant any permissions. A user granted this role ALSO requires additional authorization to access Applications data - they will not be permitted to log in if an authorization is not configured - see Data authorization.

How are roles managed?

Roles are managed in different ways depending on the Dashboard release you are using:

≥ 2.x

Roles are managed using a graphical user interface. See User roles - 2.x and above.

Note that this user interface is also used to assign Data authorization - 2.x and above.

1.x

Roles are managed using a configuration file called roles.xml. See User roles - 1.x.

<root>
   <role-assignment user="Bill" role="ADMIN"/>
</root>
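
An added example (not CAST's own code): a small audit of a 1.x roles.xml that lists ADMIN holders for review, users who still need a Data authorization in order to log in, and role names that are not listed on this page. The sample file contents, the function name audit_roles and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Role names as listed on this page.
KNOWN_ROLES = {"ADMIN", "QUALITY_MANAGER", "EXCLUSION_MANAGER",
               "QUALITY_AUTOMATION_MANAGER", "CODE_RESTRICTED", "NO_ROLE"}

# Constructed sample, same shape as the roles.xml snippet above.
SAMPLE = """<root>
   <role-assignment user="Bill" role="ADMIN"/>
   <role-assignment user="Ana" role="QUALITY_MANAGER"/>
   <role-assignment user="Ana" role="CODE_RESTRICTED"/>
   <role-assignment user="Raj" role="ADMNI"/>
   <role-assignment role="NO_ROLE"/>
</root>"""


def audit_roles(xml_text):
    """Return a dict of findings for the text of a roles.xml file."""
    roles_by_user = defaultdict(set)
    findings = {"admins": [], "needs_data_authorization": [],
                "unknown_roles": [], "skipped": 0}
    for node in ET.fromstring(xml_text).iter("role-assignment"):
        user, role = node.get("user"), node.get("role")
        if not user or not role:
            # Entry without both user and role: not interpreted here.
            findings["skipped"] += 1
        elif role not in KNOWN_ROLES:
            # Possible typo or a role this page does not document.
            findings["unknown_roles"].append((user, role))
        else:
            roles_by_user[user].add(role)
    for user, roles in sorted(roles_by_user.items()):
        if "ADMIN" in roles:
            # ADMIN implies allApplications access: review each holder.
            findings["admins"].append(user)
        else:
            # Every other role also needs a Data authorization entry,
            # otherwise the user is not permitted to log in.
            findings["needs_data_authorization"].append(user)
    return findings


if __name__ == "__main__":
    for key, value in audit_roles(SAMPLE).items():
        print(f"{key}: {value}")
```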