Task: Activate or Deactivate a User Account
There are two main situations in which you might want to deactivate a hub user account:
- The hub is approaching the license limit for active users.
- A user account was created in error, or belongs to someone no longer associated with the projects on the hub. Even if you are not approaching the license limit, it is useful to disable such accounts so that other users can't assign them as warning owners.
Conversely, you may wish to reactivate a previously-deactivated account if you have available active users capacity.
A hub user account is considered to be active
if and only if one or more of its associated roles has G_SIGN_IN permission.
When a user account is deactivated:
- Its credentials cannot be used for authentication, so cannot be used to authorize any interactions with the hub (including through the Web GUI). The user who owns the account will still be able to occupy an available Anonymous session.
- The Owner of a warning cannot be changed to that account: the account username will not be available in the Change Warning form.
- For any warning already owned by that account: the Priority, State, Finding, and Notes cannot be modified until the Owner is changed to an enabled account.
To deactivate a user or set of users, de-assign them from all roles that have G_SIGN_IN permission.
Important note: if you have adjusted
the Anyone role to add the G_SIGN_IN permission you will not be able to
deactivate any users, because all users always have the Anyone role.
You will need to remove the G_SIGN_IN permission from the Anyone role before
proceeding with the deactivation process.
- If the CodeSonar Web GUI is not already open, open it now.
- If you are currently signed into a user account that does not have G_ADMINISTER_USERS permission:
  - Sign out: click your username in the GUI page header, then click the Sign Out link that pops up.
  - Click the Sign In link in the GUI page header. The Sign In page will open.
  - Sign back in as Administrator (or another user with G_ADMINISTER_USERS permission).
- Navigate to the Global Role-Permissions page.
  - Click the Settings icon in the page header to view the Settings page.
  - Select the User Administration tab.
  - Click Global Permissions. The Global Role-Permissions page will open.
- The Sign In column in the table of roles corresponds to G_SIGN_IN permission.
  - If the column is not already visible, add it.
  - Sort the table in ascending order by the Sign In column.
    - Click the Sign In column header to open the table menu for that column.
    - Click Sort Ascending in the table menu.
    The roles with check marks in the Sign In column (that is, those with G_SIGN_IN permission) will now be clustered at the top of the table.
- For each of the roles with a check mark in the Sign In column, remove that role from all the users you want to deactivate as follows.
  - Click the corresponding row of the table to navigate to the Role Users page for that role.
  - If one or more of the users you want to deactivate has (at least) a "directly assigned" checkmark in the Assigned column, remove the direct assignment from those users as follows.
    - Click the checkboxes next to those users to remove the bold ("directly assigned") checkmark.
    - Click the Save Changes button (under the table). The table will update to show the effects of your changes.
- Once you have removed all roles with G_SIGN_IN permission from the user you want to deactivate, navigate to the Users page so you can check that deactivation has been successful.
  - Click the Settings icon in the page header to view the Settings page.
  - Select the User Administration tab.
  - Click Users. The Users page will open.
- Inspect the table of users on the Users page. All the users you deactivated should have an empty Sign In column (no check mark), indicating that they do not have G_SIGN_IN permission.
To activate a user or set of users, assign them a role that has G_SIGN_IN permission.
We provide the built-in role Enabled to simplify this process.
- By default, Enabled has G_SIGN_IN (and only G_SIGN_IN).
- G_SIGN_IN permission cannot be removed from the Enabled role.
This means that a user can always be activated by assigning them the Enabled role.
Important note: if you have adjusted
the Enabled role to add further permissions
that are not suitable for the users in question, you will need to
choose (or perhaps create) a different role that has G_SIGN_IN but none of the unsuitable
permissions.
Important note: activation (G_SIGN_IN permission) is not necessarily
sufficient to allow a user to sign in to the hub. See Hub Authentication:
Authentication and Authorization for details.
To assign the Enabled role, do the following.
- If the CodeSonar Web GUI is not already open, open it now.
- If you are currently signed into a user account that does not have G_ADMINISTER_USERS permission:
  - Sign out: click your username in the GUI page header, then click the Sign Out link that pops up.
  - Click the Sign In link in the GUI page header. The Sign In page will open.
  - Sign back in as Administrator (or another user with G_ADMINISTER_USERS permission).
- Navigate to the Roles page.
  - Click the Settings icon in the page header to view the Settings page.
  - Select the User Administration tab.
  - Click Roles. The Roles page will open.
- Click the table row for the Enabled role. The Role Users page for the Enabled role will open.
- For each user that you want to activate, click the Assigned checkbox to add a ("directly assigned") checkmark.
- Click the Save Changes button (under the table). The table will update to show the effects of your changes.
- Navigate to the Users page so you can check that activation has been successful.
  - Click the Settings icon in the page header to view the Settings page.
  - Select the User Administration tab.
  - Click Users. The Users page will open.
- Inspect the table of users on the Users page. All the users you activated should have a check mark in the Sign In column, indicating that they have G_SIGN_IN permission.
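
The activation rule, the Anyone-role caveat for deactivation, and the choice of a suitable activation role described on this page, modelled on constructed data. This is an added example, not CodeSonar code or a CodeSonar API: the dictionary layout, the function names, and the UserAdmin and Reviewer roles are assumptions, and only direct assignments plus the Anyone role are represented.

```python
# Added example on constructed data; not CodeSonar code, API, or export format.
SIGN_IN = "G_SIGN_IN"
ANYONE = "Anyone"  # every user always holds this role

def roles_of(user, assignments):
    """Directly assigned roles plus the implicit Anyone role (model assumption:
    no other assignment mechanism is represented)."""
    return set(assignments.get(user, ())) | {ANYONE}

def is_active(user, assignments, role_perms):
    """Active if and only if at least one held role has G_SIGN_IN."""
    return any(SIGN_IN in role_perms.get(r, ()) for r in roles_of(user, assignments))

def plan_deactivation(user, assignments, role_perms):
    """Return (roles_to_deassign, blocker). blocker is "Anyone" when that role
    grants G_SIGN_IN, in which case de-assignment alone cannot deactivate."""
    granting = sorted(r for r in roles_of(user, assignments)
                      if SIGN_IN in role_perms.get(r, ()))
    blocker = ANYONE if ANYONE in granting else None
    return [r for r in granting if r != ANYONE], blocker

def apply_plan(user, assignments, to_remove):
    """Copy of assignments with the listed roles removed from user."""
    updated = {u: set(rs) for u, rs in assignments.items()}
    updated[user] = updated.get(user, set()) - set(to_remove)
    return updated

def activation_roles(role_perms, unsuitable):
    """Roles that grant G_SIGN_IN and none of the unsuitable permissions."""
    return sorted(r for r, p in role_perms.items()
                  if r != ANYONE and SIGN_IN in p and not (set(p) & set(unsuitable)))

# Constructed sample data; UserAdmin and Reviewer are hypothetical role names.
ROLE_PERMS = {
    "Anyone": set(),
    "Enabled": {"G_SIGN_IN"},
    "UserAdmin": {"G_SIGN_IN", "G_ADMINISTER_USERS"},
    "Reviewer": set(),
}
ASSIGNMENTS = {"alice": {"Enabled", "UserAdmin"}, "bob": {"Reviewer"}}

if __name__ == "__main__":
    to_remove, blocker = plan_deactivation("alice", ASSIGNMENTS, ROLE_PERMS)
    print("de-assign:", to_remove, "blocker:", blocker)
    after = apply_plan("alice", ASSIGNMENTS, to_remove)
    print("alice active after:", is_active("alice", after, ROLE_PERMS))
    print("safe activation roles:", activation_roles(ROLE_PERMS, {"G_ADMINISTER_USERS"}))
```

A non-empty blocker means the G_SIGN_IN permission must first be removed from the Anyone role, as the deactivation note states.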