Default Groups and Roles

In an enterprise environment, "privileged access" helps designate special access or abilities above and beyond a standard user. For example, privileged access on cidaas allows organizations to secure their applications, run the business efficiently, and maintain their users' sensitive data confidentiality.

Each user created on your app and authenticated on cidaas is given a unique identity within a security realm and is assigned default roles and access scopes & permissions. For efficient security management, cidaas recommends adding users to groups. A group is a collection of users who share common roles and usually perform standard tasks. Groups help manage role-specific tasks more efficiently and quickly.

This section discusses Default Roles and Groups on cidaas and how to configure them for your app in the cidaas Admin UI.

Before that, let's dive into some basics!

What are Roles and Groups on cidaas?

Roles and Groups define special access privileges for your app that uses cidaas and enable the system to recognize users and grant access privileges for the application in the context of the defined group, e.g., Admin users, common users, guest users, etc.

Why is it important to use Group Permissions?

Usually, you control permissions by assigning a role to a user. This role determines what users can view or do on your app when they log into their accounts. If you use groups to control access on your application, you can be relieved from manually adding or removing users individually for specific privileged access on the app.

What is Privileged Access Management on cidaas?

With Privileged Access Management, you can assign users to privileged roles that your Admin can activate for your application as needed for just-in-time access on the cidaas Admin UI.

How to define Privileged Access for Apps based on Groups and Roles?

In each App (Client), you can specify access privileges based on roles and groups. For this, on the cidaas Admin UI, you need to navigate to Apps > App Settings > Edit App > Advance Settings > Groups & Role restriction > Login restriction and follow these steps.

1. Select the Roles option(s) from the list for each of the listed Groups to assign specific role(s) to each group.

  • cidaas - This refers to specific non-admin groups within cidaas.
  • cidaas Admin - This group shall be mapped to roles defining special access privileges of the cidaas admin group. By default, system-defined roles such as SECONDARY ADMIN are listed here.
  • Custom Group - This pertains to the custom group created by the admin to which default or custom user roles are assigned. You need to type in the custom group name you're looking for in the search textbox which will display a selection list.

    After selecting the custom group, select the required roles from the list.

    Multiple roles can be either added to this group or removed.

2. Then, click on the Save button to save your configuration settings.

With this configuration, you can prevent users from logging in to a particular app if they are not assigned the requisite roles or are not included in the groups that have role-specific permissions.

Why do you need Default Roles and Groups?

System administrators utilize groups to limit user access to features of an app or set different levels of access on it.

Sometimes, you might want the user to register on an app, and sometimes you don't. This can be controlled using the correct scope on cidaas which defines permissions for registration and other services.

A new account is created for the user on cidaas using a unique email ID or mobile number during registration. The data collected during registration is automatically mapped to the user's account while the user is automatically assigned default roles within a default group. This ensures that the user has access privileges to start using the essential app functions immediately.

How to Activate Default Groups and Roles for an App on cidaas?

You can activate default groups and roles with the following steps.

1. Navigate to Apps > App Settings > Edit App > Advance Settings > Groups & Role restriction.

To access Advance Settings, click on the Edit icon of the app you wish to configure from the Apps List.

Then, scroll down in the App Settings panel, and click on the Advance Settings button.

2. Here, click on the Groups & Role restriction tab. Under User create & updation restriction, you'll need to switch on the Enable Roles Restriction option so that the relevant groups and roles are assigned during registration.

3. Then, select the Roles option(s) from the list for each of the listed Groups to assign specific role(s) to each group.

  • cidaas - This refers to specific non-admin groups within cidaas.
  • Default cidaas Roles - This refers to the default non-admin groups within cidaas.
  • cidaas Admin - This group shall be mapped to roles defining special access privileges of the cidaas admin group. By default, system-defined roles such as SECONDARY ADMIN are listed here.
  • Default cidaas Admin Roles - This pertains to the default cidaas Admin group.
  • Custom Group - This pertains to the custom group created by the admin to which default user roles or custom user roles are assigned. You need to type in the custom group name you're looking for in the search textbox which will display a selection list.

    After selecting the custom group, select the required roles from the list.

    Multiple roles can be either added to this group or removed.

  • Default Roles - This pertains to the default group created by the admin for a user group within their organization. The list of Default Roles that will appear for selection depends on the roles assigned to the selected Custom Group (previous option).

4. Finally, click on the Save button to save your configuration settings.

Important Considerations

  1. Only allowed roles can be assigned to a new user during registration. You need to configure the allowed and default roles in the Admin UI so that the user receives this particular group + role combination.
  2. Please do not add cidaas Admin Roles per default or custom admin roles per default without deep consideration.
  3. If you pass additional groups and roles in the API, those will supersede default roles and groups while assigning to the user.


If you need help in configuring this set-up or for any other assistance, please visit our support page. Thank you!


results matching ""

    No results matching ""