Managing access

This section will help you understand how users access management works in Squore.

In Squore, permissions and privileges are distributed between global roles and project roles :

  • A global role is a set of permissions granting access to certain Squore features

  • A project role is a set of privileges within a Squore project.

In order to assign global and project roles to users or groups we use respectively, authorizations and projects team (Define roles for your team members).

Global roles

You can use global roles to grant or deny access to the below Squore features.

Manage Server

Configure and manage server, access server logs.

Manage Users, Groups and Roles

Manage users, groups, roles and authorizations on server.

View Models

Use the models Viewer and Validator.

Use Capitalisation Base

Use the Capitalisation feature and learn from existing data in order to improve analysis models.

Create Projects

Create new projects.

Modify Models

Use the Dashboard Editor and the Ruleset Editor to edit analysis models. Also access usage statistics for particular analysis models.

Use External Tools

View and use external tools configured by Squore administrators. To learn more about external tools, consult the Configuration Guide.

Manage Configuration

Reload Squore server configuration.

Use REST API (read-only)

Use read-only API requests.

Use REST API (read/write)

Use all API requests, read and write.

Access Server Resources

Analyze files located on the server.

Use Command Line Interface

Use the command line interface to run analyses.

Use Beta Features

Use all available experimental features.

Manage projects and archives

Manage all projects and archives on the server.

Four global roles are available by default, with permissions set as shown below:

SUM defaultGlobalRoles
Figure 1. Default global roles for administrators, advanced user, standard user and demo user

A Squore user with the global role, Administrator, can manage users as well as their global and project roles.

For security purposes, the global role DEMO_USER should be deactivated on a production installation.

Project roles

A project role is the set of privileges that a user enjoys in the context of a project. You can use project roles to allow users to undertake below actions within the scope of a project.

View Projects

Allows a user to see a project in their project list and to browse this project’s analysis results.

Manage Projects

Allows a user to manage a project: rename it, create or delete versions, access project creation log files and manage project team.

Baseline Projects

Allows a user to create a baseline version of a project that will not be overwritten by subsequent analysis. For more information about baselines, see Drafts and Baseline.

View Drafts of Projects

Allows a user to view the current draft version of a project. Without this privilege, only baseline versions of a project are visible in the project portfolio. For more information about baselines, see Drafts and Baseline.

Modify Action Items

Allows updating the status of Action Items from TODO to Relaxed for example. Without this privilege, the status is displayed as a read-only field.

Modify Artefacts Attributes

Allows a user to modify the value of attributes displayed in the Forms tab of the Explorer. Without this privilege, attributes are read-only.

View Source Code

Allows a user to click to view the source code of an artefact from any tab in the Explorer.

Modify Artefacts

Allows a user to add, delete, relax, exclude artefacts from the artefact tree. Users without this privilege can still view artefacts created by others.

Modify Findings

Allows a user to change the status of violations on the Findings tab. Users without this privilege can view relaxed findings but cannot relax or un-relax them.

Create Branches

Allows a user to create branches.

Propagate Actions

Allows a user to propagate user actions to adjacent branches.

View Rulesets Delta

Allows a user to view differences in current ruleset, compared to default one, in Findings tab.

Six project roles are available by default, with privileges assigned as shown below:

SUM defaultProjectRoles
Figure 2. Default project roles available for users in Squore

A Squore user with the project role, Project Manager, can create a new version of this project or give access to another user to this project’s analysis results.

The project role, OWNER, is assigned automatically to the user who creates the first version of a project. A project has only one owner, and you can control how much a project owner can see and do by modifying the permissions of the OWNER project role. An administrator can transfer ownership of a project to a new user if required.

Authorizations

In Squore, an authorization allows you to assign a global role to a user or group, in order to grant this user/group access to certain Squore features.

You can manage authorizations from the Administration > Authorizations menu:

SUM authorizationsMenu
Figure 3. Authorizations menu in Squore

In order to assign a global role to a user or group, just click on the Add authorization button and fill-out the requested information:

SUM authorizationsAddNew
Figure 4. Assign a global role to a user or group

When a user has been assigned more than one global role, its overall permission set is the combination of all permissions from all the global roles he has been assigned.

Auto-completion is available in user/group field. Search includes local users/groups as well as externals, if an LDAP authentication has been set up.