...
The interface is then displayed. There are two tabs, panels that are relevant for roles: Profiles and Users: by . By default the Profiles tab is displayed:
Click to enlarge
Profiles tab:
Image Removed
Users tab:
Image Removed
...
.
| Info |
|---|
Any changes made in the interface to assigned roles are taken into account only when the user logs out and logs back in again. |
| Excerpt |
|---|
Profiles panelOptions in Profile tabThe Profiles panel is used to manage profiles. Data authorizations are effective immediately. |
| Excerpt |
|---|
Roles (and also Data authorization - 2.x and above) are assigned to profiles:  Image Added
|
 Image Modified
| Search option lets you to search a Profile from the list of available Profiles. Enter the Profile name and click  Image Modified |
|
|---|
tov to view the selected Profile. |  Image Modified | Add a profiles option lets you add a new Profile. |
| | Edit and Delete |  Image Modified
 Image Modified | This option allows you to edit the roles/authorizations assigned to the selected user/group. This is particularly useful if you need to modify multiple users/groups in one go. |  Image Modified | This option will remove all the roles/authorizations granted to selected the user/group. |
|
|---|
| Profiles | Lists all profiles that are available, by name:  Image Modified
| Info |
|---|
| On first login, a profile called "admin_profile" will be created automatically. This profile has the role "Admin" assigned to it. The first user to login and become admin (see First login and become admin) will be automatically assigned this profile. |
|
|---|
| Roles |
|---|
 Image Removed
Lets you select Lists the available built-in |
Role to be assigned Roles and allows you to assign them to the selected Profile. |
Lists It also allows you to view the roles that have already been assigned to a specific Profile:  Image Added
| Info |
|---|
In CAST Dashboards ≥ 2.10, by default, when a new profile is created, the No Role role (see NO_ROLE) will automatically be assigned to |
|
the corresponding Profileit. In older releases, the profile does not have any roles assigned to it. |
| | Assign applications by |
|---|
name| Names / Assign applications by Technologies / Assign applications by Tags | These columns list the data authorizations that have been assigned to the corresponding Profile, i.e., by: - application name
- by technology
- by tags
| Info |
|---|
The Assign applications by tags column will NOT be visible: |
You can directly modify them in this column:
 Image Modified Image Modified Image Modified Image Modified |
|---|
| Assign applications by technology |
|---|
| Assign applications by tags |
|---|
| Options in Users tab |
|---|
Note about the All Applications option for Assign Applications by Name: - Users can assign "All Applications" to multiple profiles or a single profile without adding any role to the selected profile/s.
- When using the "All Applications" authorization, any new Applications that are onboarded will automatically be included in the authorization.
 Image Added
|
|
Users/Groups panelThe Users/Groups panel is used to assign profiles (managed in the Profiles tab) to Users/Groups:  Image Added
| Search | Lets you search a User or a Group from the list of available Users/Groups.  Image Modified
|
|---|
| Users/Groups | This column lists all users/groups:  Image Modified
- When local authentication is active:
- all users that have been defined in the users.properties file will be listed here and CANNOT be removed.
- it is not possible to create groups, therefore assigning roles or data authorizations to groups is also not possible
- When LDAP or SAML authentication are active:
- only users/groups that have specifically been assigned a profile will be listed. In ≥ 2.10 users/groups can be removed from the list.
- Groups are taken directly from the LDAP/SAML directory and must therefore be created there before they can be exploited by the CAST Dashboards
| Info |
|---|
You can search for users/groups that have already been granted a profile (i.e. that are present in the list) using the Search panel in the column header:  Image Added
|
|
|---|
| Profiles | This columns lists all profiles that have been created in the Profiles tab and allows you to assign them to your users/groups:  Image Modified
|
|---|
| Edit | Lets you edit the selected Users/Groups, i.e. change the profile assigned to the User/Group:  Image Modified
 Image Modified
|
|---|
| Delete (available in ≥ 2.10) | The delete option is only available when either LDAP or SAML authentication mode is in use. It allows users or groups to be removed from the list - for example if you granted a role to a user/group and now want to revoke this permission:  Image Added
A warning is displayed before the user/group is deleted. The User/Group is only deleted from the CAST Dashboard Administration panel, not the LDAP/SAML authentication directory:  Image Added
|
|---|
|
What roles are available?
...
Use of NO_ROLE in the user interface
The role In CAST Dashboards ≥ 2.10, the NO_ROLE is a role that is available for use, however, this role (No Role) is available for selection.
If you are using an older release of CAST Dashboards, this role is not directly made available in the interface to be assigned. Instead, NO_ROLE can be assigned simply by granting a Data authorization and none of the roles. For example, test_profile in the image below has no roles assigned to it, but it has one data authorization assigned (to access the application called "MEUDON") - therefore a user/group with this profile can log in and access the application but has no other permissions:
Click to enlarge
...
Creating new profiles
To create or edit a profile, use the Profiles tab:
Image RemovedImage Added
Click the Add button to add a new profile:
Image Removed
Image Added
Name the profile and click the tick icon to save:
...
The profile will then appear in the list :- by default the No Role role will be assigned to the role - this is a read only role. See User roles for more information about this role.
Image Modified
Assign or remove roles to/from profiles
To assign or remove roles to/from a profile, use the Profiles tab:
Image RemovedImage Added
...and then click the expandable item in the Roles column. Changes :
Image Added
Select the role or roles you require for the profile. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:
Image Removed
Image Modified
If you assign All Roles or just the ADMIN role, then automatically All Applications, All Technologies and All Tags (if available) are also assigned:
...
Ensure you create the profile first. Then to assign or remove roles to/from a profile, use the Users tab:
Image RemovedImage Added
and then the expandable item in the Profiles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:
Image Added
Image Added
Assign profiles to SAML users/groups from UI
Ensure you create the profile first. Then to assign or remove roles to/from a profile, use the Users tab:
Image Added
and then the expandable item in the Profiles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:
Image Modified
Image Modified
