Summary: This section describes how to configure data authorization in ≥ 2.x.

How are data authorizations managed in ≥ 2.x?

Data authorization is managed in a graphical user interface. This interface is available to users that have been assigned the ADMIN role and can be accessed by clicking the User Configuration option in the user menu:

The interface is then displayed. Two tabs are relevant for data authorizations: Profiles and Users. By default, the Profiles tab is displayed.

Profiles tab:

Users tab:

  • The Profiles interface is used to manage profiles - data authorizations (and also User roles - 2.x and above) are assigned to profiles
  • The Users interface is used to assign profiles (managed in the Profiles tab) to Users/Groups
  • Any changes made in the interface to assigned data authorizations are effective immediately.

Using a RESTRICTED legacy type license key for accessing the Dashboard schema

This section is not relevant for those using a current license key. Authorizations are always defined in the UI and the license.xml is ignored.

When using a legacy type RESTRICTED license key for accessing the Dashboard schema (Engineering/Security Dashboard) - see Dashboard Service license key configuration - you MUST define authorizations manually in the following file:

WAR ≥ 2.x
CATALINA_HOME\webapps\<dashboard>\WEB-INF\classes\license.xml
 
ZIP ≥ 2.x
<unpacked_zip>\configurations\license.xml

JAR ≥ 2.x
Windows: %PROGRAMDATA%\CAST\Dashboards\<dashboard>\license.xml
Linux: /root/ProgramData/CAST/Dashboards/<dashboard>/license.xml

In other words, if you are using:

you should:

The authorizations do not need to be identical in the user interface and in license.xml if the user/group requires different authorizations in each dashboard.

Assign or remove authorizations

To assign or remove authorizations from a user or group, use the expandable column in either list. Changes are automatically saved and are taken into account immediately:

  

If you assign All Applications, then All Technologies and All Tags are automatically assigned as well, since it is not possible to prevent a user from accessing a specific technology/tag if the user can also access all Applications:

Delete all assigned authorizations

To delete all roles that have been assigned to a user or group, select the user/group and then use the delete icon. Changes are automatically saved but are only taken into account when the user logs out and logs back in again in a new session:

Using the delete option will remove both roles and data authorizations.