Summary: this page describes how to manage roles and their application authorities/resource permissions.

A user with the ADMIN or SUPER ADMIN role is required.

Introduction

The Roles panel enables you to manage the roles that can be granted to your users/groups (via the Admin Center - Users panel). All users MUST be granted a role (either directly to the user or to a group the user is a member of) before the user will be able to access application data or interact with CAST Imaging features.

CAST Imaging provides four default roles out of the box (see below) for each tenant and these can be supplemented with additional custom roles as required. Roles do two things:

  • grant access to application data (either the role can access a single application, multiple applications or all applications):

  • grant varying degrees of access to features within CAST Imaging - this is known as "resource permissions". These resource permissions are granted using READ, CREATE, UPDATE, DELETE options. In the following example, a role grants READ and CREATE permissions on the Document-It resource (see User Guide - Using the Annotate feature). This means that a user assigned this role:
    • can READ existing Document-It items added to a view

A role can include a mix of the two access type permissions (application data and resource permissions), or it can include just one type (either application data or resource permissions) - in this latter case, multiple roles should be assigned to allow the user/group to interact correctly.

Default roles

Out of the box in a brand new installation of CAST Imaging, the following roles are made available in order of priority. It is not possible to delete or modify these default roles:

SUPER ADMIN

The SUPER ADMIN role provides permission to execute the following actions in the Admin Center across all tenants:

In addition:

  • Users and members of groups with the SUPER ADMIN role can access all Application data in CAST Imaging across all tenants
  • Users and members of groups with the SUPER ADMIN role have full resource permissions on all CAST Imaging features
  • this role is not specific to a single tenant, instead it is intended to be used as a "global administrator" with complete jurisdiction across all tenants
  • The first user to log in to CAST Imaging following a fresh installation will receive the SUPER ADMIN as described in First login and become super admin.
  • You should use this role with caution!
ADMIN

The ADMIN role is identical to the SUPER ADMIN except that:

  • this role cannot manage the multi tenant feature - see Admin Center - Multi tenant panel
  • this role is specific to each tenant - in other words it is the "SUPER ADMIN" role on a per tenant basis
  • if there is only one tenant in existence and the multi tenant feature is not used, then this role has identical permissions to SUPER ADMIN

You should use this role with caution!

ARCHITECT

The ARCHITECT role is intended to be granted to users/groups that do not require Admin Center access but require more access than standard users:

  • This role does not grant any application access permissions therefore you will need to specify these manually
  • this role is specific to each tenant
  • the default set of resource permissions is as follows:

Click to enlarge

USER

The USER role should be granted to "standard" users/groups - i.e. those that do not require Admin Center access and limited resource permissions. The default set of resource permissions is as follows:

Click to enlarge

Available resources

Admin ResourcesGrants access to admin level features (available in the Admin Center) for the current tenant.
App to app dependencies

Grants access to the User Guide - Application to Application dependencies scope for the current tenant:

 

Custom Object Types

Grants access to the custom node feature for the current tenant:

Custom View

Grants access to the User Guide - Custom scope in the current tenant:

Cypher Search

Grants access to the Cypher Search feature for the current tenant:

Document-It

Grants access to the Document-It feature for the current tenant:

Services view

Grants access to the User Guide - Service scope for the current tenant:

Note that this resource only has the ability to assign the CREATE permission.
Sourcecode viewer

Grants access to the User Guide - Viewing source code feature for the current tenant:

Note that this resource only has the ability to assign the CREATE permission.
Tags

Grants access to the add tags feature for the current tenant:

Roles list

The Roles list displays the roles that are available for use and allows you to edit existing and create new roles:

Click to enlarge

Add role

Add a new custom role:

New roles are created without any application data or resource permissions and must be manually configured before being assigned to a user/group:

A role name can contain only the following characters:

  • A-Z
  • a-z
  • 0-9
  • underscore ('_')
Selection box

Allows you to select the role and then delete the selected items:

RolesLists the names of the roles available in CAST Imaging
Applications authority

Lists any Applications that the user/group has been granted access to and allows Application data permissions to be changed:

In ≥ 2.14, if all applications are selected for a non-admin role, the drop-down will display "All applications" instead of listing all the applications.

Resources and permissions

Lists the resources that have been granted an access permission, and the ability to make changes:

Note that logic checks are performed when customizing resource permissions in this panel:

  • On selecting a READ permission, the parent resource permission is automatically selected as well.
  • If multiple permissions together with a READ permission are ticked for any resource, and then the READ permission is unticked, all other permissions and the parent resource permission will be automatically unticked.
  • All the permissions for a resource will remain unchecked until a READ permission is ticked.

Assigning roles to users/groups

To assign a role or roles to your users or groups, use the Admin Center - Users panel: