Managing access
This section will help you understand how users access management works in Squore.
In Squore, permissions and privileges are distributed between global roles and project roles :
-
A global role is a set of permissions granting access to certain Squore features
-
A project role is a set of privileges within a Squore project.
In order to assign global and project roles to users or groups we use respectively, authorizations and projects team (Define roles for your team members).
Global roles
You can use global roles to grant or deny access to the below Squore features.
Manage Server |
Configure and manage server, access server logs. |
Manage Users, Groups and Roles |
Manage users, groups, roles and authorizations on server. |
View Models |
Use the models Viewer and Validator. |
Use Capitalisation Base |
Use the Capitalisation feature and learn from existing data in order to improve analysis models. |
Create Projects |
Create new projects. |
Modify Models |
Use the Dashboard Editor and the Ruleset Editor to edit analysis models. Also access usage statistics for particular analysis models. |
Use External Tools |
View and use external tools configured by Squore administrators. To learn more about external tools, consult the Configuration Guide. |
Manage Configuration |
Reload Squore server configuration. |
Use REST API (read-only) |
Use read-only API requests. |
Use REST API (read/write) |
Use all API requests, read and write. |
Access Server Resources |
Analyze files located on the server. |
Use Command Line Interface |
Use the command line interface to run analyses. |
Use Beta Features |
Use all available experimental features. |
Manage projects and archives |
Manage all projects and archives on the server. |
Four global roles are available by default, with permissions set as shown below:
A Squore user with the global role, Administrator, can manage users as well as their global and project roles. |
For security purposes, the global role DEMO_USER should be deactivated on a production installation. |
Project roles
A project role is the set of privileges that a user enjoys in the context of a project. You can use project roles to allow users to undertake below actions within the scope of a project.
View Projects |
Allows a user to see a project in their project list and to browse this project’s analysis results. |
Manage Projects |
Allows a user to manage a project: rename it, create or delete versions, access project creation log files and manage project team. |
Baseline Projects |
Allows a user to create a baseline version of a project that will not be overwritten by subsequent analysis. For more information about baselines, see Drafts and Baseline. |
View Drafts of Projects |
Allows a user to view the current draft version of a project. Without this privilege, only baseline versions of a project are visible in the project portfolio. For more information about baselines, see Drafts and Baseline. |
Modify Action Items |
Allows updating the status of Action Items from TODO to Relaxed for example. Without this privilege, the status is displayed as a read-only field. |
Modify Artefacts Attributes |
Allows a user to modify the value of attributes displayed in the Forms tab of the Explorer. Without this privilege, attributes are read-only. |
View Source Code |
Allows a user to click to view the source code of an artefact from any tab in the Explorer. |
Modify Artefacts |
Allows a user to add, delete, relax, exclude artefacts from the artefact tree. Users without this privilege can still view artefacts created by others. |
Modify Findings |
Allows a user to change the status of violations on the Findings tab. Users without this privilege can view relaxed findings but cannot relax or un-relax them. |
Create Branches |
Allows a user to create branches. |
Propagate Actions |
Allows a user to propagate user actions to adjacent branches. |
View Rulesets Delta |
Allows a user to view differences in current ruleset, compared to default one, in Findings tab. |
Six project roles are available by default, with privileges assigned as shown below:
A Squore user with the project role, Project Manager, can create a new version of this project or give access to another user to this project’s analysis results. |
The project role, OWNER, is assigned automatically to the user who creates the first version of a project. A project has only one owner, and you can control how much a project owner can see and do by modifying the permissions of the OWNER project role. An administrator can transfer ownership of a project to a new user if required. |
Authorizations
In Squore, an authorization allows you to assign a global role to a user or group, in order to grant this user/group access to certain Squore features.
You can manage authorizations from the Administration > Authorizations menu:
In order to assign a global role to a user or group, just click on the Add authorization button and fill-out the requested information:
When a user has been assigned more than one global role, its overall permission set is the combination of all permissions from all the global roles he has been assigned.
Auto-completion is available in user/group field. Search includes local users/groups as well as externals, if an LDAP authentication has been set up. |