Summary: this page describes how to grant/revoke existing roles to your users and groups.

A user with the ADMIN or SUPER ADMIN role is required.


The Users panel enables you to grant/revoke existing roles to your users and groups:

When clicked, a list of existing users/groups and their assigned roles is displayed:

  • The current logged in user is never displayed in this list - to manage roles for the current user you will need to log in with another user that has the ADMIN or SUPERADMIN role.
  • When local authentication mode is active:
    • it is not possible to create groups, therefore assigning roles or Applications data access permissions to groups is also not possible.
    • all users that have been created in the application-security-local.xml will be listed.
  • When LDAP, Active Directory or SAML authentication modes are active:
    • Only users/groups that have specifically been assigned a role will be listed (note that groups are not supported when SAML authentication mode is active).
    • Groups are taken directly from the back-end LDAP/Active Directory system and must therefore be created there before they can be exploited in CAST Imaging.
  • When SAML authentication mode is active:
    • Granting roles/permissions to groups is supported in ≥ 2.9.0 (not supported in previous releases).

Assign a role or roles

Chose the role or roles you require using the drop down list (you can create new roles in the Roles panel). When assigning multiple roles, the role with the most permissive behaviour will override other roles.

LDAP/SAML authentication

Adding users/groups to the list

If an authentication mode other than "local" is active and the user/group has never been granted a permission, the user/group will not be visible in the list. Therefore, to find the user/group:

Using LDAP

You will need to search for the user/group because it will not be displayed in the table:

Using Active Directory/SAML

In these modes, the search mechanism is not available, instead, you will need to specifically use the Add user/group icon to add a user or group with an identical name to the user or group you want to grant the role or permission to:

Note that when using SAML authentication, you MUST ensure that the login/user name that you add exactly matches the login/username in the SAML directory. For example if the login uses a mixture of upper and lowercase characters, ensure that these are also used in CAST Imaging.

Grant the Tutorial permission to users/groups

To allow users/groups to use the Tutorial feature, you will need to grant the permission on a user or group basis. Select the user/group you want to grant these permissions to (1), and then click the icon highlighted in the top right (2):

Then enable the required permission and click Update:

The changes will be saved automatically.

Editing/deleting existing roles assignments

Edit existing role assignments

If you need to edit existing roles for a user/group, you can use the dropdown list to change the role that has been assigned:

Delete role assignments

To delete all roles/permissions that have been granted to a user or group already, use the delete icon on the selected users/groups:

You will be prompted to confirm the choice:

The user or group will now have no roles or permissions assigned to it.