Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The interface is then displayed. There are two tabs , that are relevant for roles: Profiles and Users: by default the Profiles tab is displayed:

Click to enlarge

Profiles tab:

Image RemovedImage Added

Users tab:

Image RemovedImage Added

Info
  • The Profiles interface is used to manage profiles - profiles are used to assign roles roles (and also Data authorization - 2.x and above) are assigned to profiles
  • The Users interface is used to assign profiles to (managed in the Profiles tab) to Users/Groups
  • Any changes made in the interface to assigned roles are taken into account only when the user logs out and logs back in again. Data authorizations are effective immediately.


Assign applications by tags
Excerpt


Options in Profile tab

Search and Add


Image Modified


Search option lets you to search a Profile from the list of available Profiles. Enter the Profile name and click Image Modified 

tov

to view the selected Profile.

Image Modified
Add a profiles option lets you add a new Profile.


Edit and Delete 

Image Modified

Image Modified

This option allows you to edit the roles/authorizations assigned to the selected user/group. This is particularly useful if you need to modify multiple users/groups in one go.

Image Modified
This option will remove all the roles/authorizations granted to selected the user/group.


Profiles

Lists all profiles that are available, by name:

Image Modified

Info
On first login, a profile called "admin_profile" will be created automatically. This profile has the role "Admin" assigned to it. The first user to login and become admin (see First login and become admin) will be automatically assigned this profile.


Roles

Image Modified

  • Lets you select the built-in Role to be assigned to the selected Profile.
  • Lists the roles that have been assigned to the corresponding Profile.
Assign applications by
name
Names / Assign applications by Technologies / Assign applications by Tags

These columns list the data authorizations that have been assigned to the corresponding Profile, i.e., by:

  • application name
  • by technology
  • by tags
Info

The Assign applications by tags column will NOT be visible:

You can directly modify them in this column:

Image ModifiedImage ModifiedImage ModifiedImage Modified

Info
Assign applications by technology

Note about the All Applications option for Assign Applications by Name:

  • Users can assign "All Applications" to multiple profiles or a single profile without adding any role to the selected profile/s.
  • When using the "All Applications" authorization, any new Applications that are onboarded will automatically be included in the authorization.

Image Added


Options in Users tab
Search

Lets you search a User or a Group from the list of available Users/Groups.

Image Modified

Users

This column lists all users/groups:

Image Modified

  • When local authentication is active:
    • all users that have been defined in the users.properties file will be listed here
    • it is not possible to create groups, therefore assigning roles or data authorizations to groups is also not possible
  • When LDAP or SAML authentication are active:
    • only users/groups that have specifically been assigned a profile will be listed
    • Groups are taken directly from the LDAP/SAML directory and must therefore be created there before they can be exploited by the CAST Dashboards
Profiles

This columns lists all profiles that have been created in the Profiles tab and allows you to assign them to your users/groups:

Image Modified

Edit

Lets you edit the selected Users/Groups, i.e. change the profile assigned to the User/Group:

Image Modified

Image Modified


What roles are available?

...

To create or edit a profile, use the Profiles tab:

Image RemovedImage Added

Click the Add button to add a new profile:

Image RemovedImage Added

Name the profile and click the tick icon to save:

...

To assign or remove roles to/from a profile, use the Profiles tab:

Image RemovedImage Added

and then the expandable item in the Roles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:

...

If you assign All Roles or just the ADMIN role, then automatically All Applications, All Technologies and All Tags (if available) are also assigned:

Click to enlarge

Assign profiles to users/groups

Ensure you create the profile first. Then to assign or remove roles to/from a profile, use the Users tab:

Image Added

and then the expandable item in the Profiles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:

Image Added

Image Added

Assign profiles to SAML users/groups from UI

Ensure you create the profile first. Then to assign or remove roles to/from a profile, use the Users tab:

...

Image Added

and then the expandable item in the Profiles column. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:

Image Modified

Image Modified