Managing access

This section will help you understand how users access management works in PC-lint Plus View.

In PC-lint Plus View, permissions and privileges are distributed between global roles and project roles :

  • A global role is a set of permissions granting access to certain PC-lint Plus View features

  • A project role is a set of privileges within a PC-lint Plus View project.

In order to assign global and project roles to users or groups we use respectively, authorizations and projects team.

Access features

Global roles

You can use global roles to grant or deny access to the below PC-lint Plus View features.

Manage Server

Configure and manage server, access server logs and manage license.

Manage Users, Groups and Roles

Manage users, groups, roles and authorizations on server.

Create Projects

Create new projects.

Use REST API (read-only)

Use read-only API requests.

Use REST API (read/write)

Use all API requests, read and write.

Access Server Resources

Analyze files located on the server.

Use Command Line Interface

Use the command line interface to run analyses.

Manage projects and archives

Manage all projects and archives on the server.

Four global roles are available by default, with permissions set as shown below:

SUM defaultGlobalRoles auto
Figure 1. Default global roles for administrators, advanced user, standard user and demo user

A PC-lint Plus View user with the global role, Administrator, can manage users as well as their global and project roles.

For security purposes, the global role DEMO_USER should be deactivated on a production installation.

Authorizations

In PC-lint Plus View, an authorization allows you to assign a global role to a user or group, in order to grant this user/group access to certain PC-lint Plus View features.

You can manage authorizations from the Administration > Authorizations menu:

SUM authorizationsMenu auto
Figure 2. Authorizations menu in PC-lint Plus View

In order to assign a global role to a user or group, just click on the Add authorization button and fill-out the requested information:

SUM authorizationsAddNew auto
Figure 3. Assign a global role to a user or group

When a user has been assigned more than one global role, its overall permission set is the combination of all permissions from all the global roles he has been assigned.

Auto-completion is available in user/group field. Search includes local users/groups as well as externals, if an LDAP authentication has been set up.

Access projects

Project roles

A project role is the set of privileges that a user enjoys in the context of a project. You can use project roles to allow users to undertake below actions within the scope of a project.

View Projects

Allows a user to see a project in their project list and to browse this project’s analysis results.

Manage Projects

Allows a user to manage a project: rename it, create or delete versions, access project creation log files and manage project team.

Baseline Projects

Allows a user to create a baseline version of a project that will not be overwritten by subsequent analysis.

View Drafts of Projects

Allows a user to view the current draft version of a project. Without this privilege, only baseline versions of a project are visible in the project portfolio.

Modify Forms

Allows a user to modify the value of attributes displayed in the Forms tab of the Explorer. Without this privilege, attributes are read-only.

View Source Code

Allows a user to click to view the source code of an artifact from any tab in the Explorer.

Modify Artifacts

Allows a user to add, delete, relax, exclude artifacts from the artifact tree. Users without this privilege can still view artifacts created by others.

Modify Findings

Allows a user to change the status of violations on the Findings tab. Users without this privilege can view relaxed findings but cannot relax or un-relax them.

Create Branches

Allows a user to create branches.

Propagate Actions

Allows a user to propagate user actions to adjacent branches.

Six project roles are available by default, with privileges assigned as shown below:

SUM defaultProjectRoles auto
Figure 4. Default project roles available for users in PC-lint Plus View

A PC-lint Plus View user with the project role, Project Manager, can create a new version of this project or give access to another user to this project’s analysis results.

The project role, OWNER, is assigned automatically to the user who creates the first version of a project. A project has only one owner, and you can control how much a project owner can see and do by modifying the permissions of the OWNER project role. An administrator can transfer ownership of a project to a new user if required.

Projects team

A project’s team allows you to give users access to a project with a set of privileges corresponding to the associated project role. A user can be assigned multiple roles in the same project.

You can configure a project’s team from the Team tab of the Manage Projects page for a given project.

SUM emptyTeam auto
Figure 5. The Manage Projects>Team tab for Earth project

The project team can be configured directly from the command line when creating a new project using the teamUser and teamGroup options. For more details, refer to the Command Line Guide.