General

GUI Reference: User Roles

This page contains information about the assigned roles for a single hub user account. It provides functionality for adding and removing direct role assignments.

Important: If you are using a hub authentication plug-in that updates a user's role assignments at login time, a role that you remove from a user on this page will be re-added to that role the next time they sign in if the plug-in determines they should have that role. There are two main cases where an authentication plug-in can have this behavior: either the LDAP plug-in has been installed and configured with one or more Role Mapping List entries, or a custom authentication plug-in implements one or more of get_user()/get_user_from_cert()/get_user_from_request() with a return value that includes a list of roles.

Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to

From Account Editor: In the Account Settings tab, click View and Edit Roles.
From Role Users: Click a row in the table of users.
From Settings: In the Account tab, click View and Edit Roles.
by URL: http://hub_location/user/user_id-roles.html

Page Properties

Output formats CSV, JSON, XML (user_roles.xsd)
Visibility Filter Applied none
RBAC Permissions Needed
Page AccessG_LIST_USERS
Page Contents/FunctionalityG_ADMINISTER_USERS
ROLE_ASSIGN
ROLE_READ

Page Contents

The following annotated screenshot shows the various parts of a User Roles page.

Annotated Screenshot: Roles Page standard header breadcrumbs page heading table legend table legend links and role details links and role_details table of roles Save Changes and Clear Changes buttons standard footer

Standard Header See GUI Reference: Standard Header.
Breadcrumbs Home > Settings > Users > User_Name > User Roles
Where
Page Heading Roles for user "User_Name"
Links and Role Details Links to other RBAC-related pages: Users, Roles, Global Role-Permissions, Root Project Tree Permissions, Root Launch Daemon Group Permissions. The latter two links are to the Resource Role-Permissions pages for the root project tree and root launchd group, respectively.
Role Table

A table with one row for each role. Click a role name, ID, or description to navigate to the corresponding Role Users page.

  • If you have G_ADMINISTER_USERS permission, the table will list all roles on the hub.
  • Otherwise, the table will list all roles for which you have ROLE_READ permission.
    If you are viewing the User Roles page for your own hub user account, the table will include all your assigned roles, even if you don't have ROLE_READ permission for some or all of those roles.

The table has standard pagination controls.

The available table columns are as follows. Columns displayed by default are marked with an asterisk (*).

Column Label Column Data
Assigned * Contents depend on whether or not the user is directly assigned to the role or one of its descendant roles (thereby inheriting the permissions on the role).

In both direct and inherited cases, the user will have all permissions that are directly or indirectly assigned to the role.

The table legend shows how each of these cases is rendered in the table.
screenshot fragment: role-permissions legend

Note that for performance reasons, roles with only direct assignment are frequently shown as "directly assigned and possibly inherited".

To add or remove a direct assignment, click the corresponding table cell to add or remove the bold ("directly assigned") checkmark, then click Save Changes. This requires either ROLE_ASSIGN R permission for the role R that you are assigning/unassigning, or G_ADMINISTER_USERS permission.
Note that you will not be able to remove immutable role assignments.
Role ID Role ID
Role * Role Name
Description * Role Description
"Save Changes" and "Clear Changes" buttons

If you have clicked in one or more of the Assigned cells to add or remove direct assignments, the "<num> pending change(s)" notification under the table will update to show how many changes you have made since you loaded or reloaded the page.

Click Save Changes to save your changes and reload the page to show the effects of your changes.

  • If you have added a direct assignment to a role R, the row for R will now have a "directly assigned and possibly inherited" check.
  • If you have removed a direct assignment from a role R, the row for R will no longer have a "directly assigned" check. It will still have an "inherited" check if and only if the user is directly assigned a role that is a descendant of R.
Click Clear Changes to restore the table to the state it was in when you loaded or reloaded the page.
Standard Footer See GUI Reference: Standard Footer.

Navigating from

to Global Role-Permissions Click Global Permissions in the link bar (under the page heading).
to Manage Users Click Users in the link bar (under the page heading).
to Roles Click Roles in the link bar (under the page heading).
to Role Users Click the role name, ID, or description in the table.

Related Tasks