General

GUI Reference: Global Role-Permissions

This page allows users to view and edit the global role-permission assignments for each role on the hub.

To view and edit resource role-permission assignments for an individual securable resource, use the corresponding Resource Role-Permissions page.

See also the section on recommended combinations for global role-permissions.

Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to

From Settings: In the User Administration tab, click Global Permissions.
From Click Global Permissions in the link bar (under the page heading).
By URL: http://hub_location/global-permissions.html

Page Properties

Output formats CSV, JSON, XML (permissions.xsd)
Visibility Filter Applied none
RBAC Permissions Needed
Page Contents/FunctionalityG_ADMINISTER_USERS
G_MANAGE_USERS
ROLE_READ

Page Contents

The following annotated screenshot shows the various parts of a Global Role-Permissions page.

Annotated Screenshot: Global Role-Permissions page standard header breadcrumbs heading heading links and information links and information table legend table legend global role-permissions table Save Changes and Clear Changes buttons standard footer

Standard Header See GUI Reference: Standard Header.
Breadcrumbs Home > Settings > Global Permissions
Where
Page Heading Global Permissions: Permissions
Links and Information Links to other RBAC-related pages: Users, Roles, Global Permisions (this page), Root Project Tree Permissions, Root Launch Daemon Group Permissions. The latter two links are to the Resource Role-Permissions pages for the root project tree and root launchd group, respectively.
Global Role-Permissions Table A table with one row for each role and one column for each global permission. Click a role name, ID, or description to navigate to the corresponding Role Users page.
  • If you have G_ADMINISTER_USERS permission, the table will list all roles on the hub.
  • Otherwise, the table will list all roles for which you have ROLE_READ permission.

The table has standard pagination controls.

The available table columns are as follows. All columns except Role ID are displayed by default.

Column Label Column Data
Role ID Role ID
Role Role Name
Role Description Role Description
Permissions One column for each global permission.

Cell contents for these columns depend on whether the corresponding role is assigned the corresponding permission.

A role may be directly assigned a particular global permission, or be indirectly assigned that permission through role inheritance from one or more of its ancestor roles, or both, or neither.

The table legend shows how each of these cases is rendered in the table.
screenshot fragment: role-permissions legend

Note that for performance reasons, role-permissions with only direct assignment are frequently rendered as "directly assigned and possibly inherited".

To add or remove a direct role-permission assignment, click the corresponding table cell to add or remove the bold ("directly assigned") checkmark, then click Save Changes. (Any resulting changes to indirect assignments will be shown after you click Save Changes.)

  • Users with G_ADMINISTER_USERS can modify (mutable) role-permission assignments for all global permissions.
  • Users with G_MANAGE_USERS (and not G_ADMINISTER_USERS) can modify (mutable) role-permission assignments for some global permissions, but not the most powerful ones. In particular, they cannot assign or unassign G_ADMINISTER_USERS permission. Assignment requirements for each global permission are described in the list of global permissions.
  • Users with neither G_ADMINISTER_USERS nor G_MANAGE_USERS cannot modify global role-permission assignments.
Note that you will not be able to modify immutable role-permission assignments.
"Save Changes" and "Clear Changes" buttons If you have clicked in one or more of the table cells to add or remove direct role-permission assignments, the "<num> pending change(s)" notification under the table will update to show how many changes you have made since you loaded or reloaded the page.

Click Save Changes to save your changes and reload the page to show the effects of your changes.

  • If you have added direct permission P to role R:
    • R will have "directly assigned and possibly inherited" checks for P.
    • Roles that are descended from R will have an "inherited" check for P.
      (There is no effect on their direct assignments, which may include P.)
  • If you have removed direct permission P from role R:
    • R will no longer have a "directly assigned" check for P.
    • R will still have an "inherited" check for P if and only if one or more ancestors of R is assigned P.
    • Roles that are descended from R will still have an "inherited" check for P if and only if one or more of their ancestors is assigned P.
      (There is no effect on their direct assignments, which may include P.)
Click Clear Changes to restore the table to the state it was in when you loaded or reloaded the page.
Standard Footer See GUI Reference: Standard Footer.

Navigating from

to Roles Click Roles in the link bar (under the page heading).
to Role Users Click the role name in the table.
to Users Click Users in the link bar (under the page heading).

Related Tasks