Groups and Permissions

Learn how to control access within your organization using Cased's groups and permissions feature.

Overview
Cased Shell has built-in groups and permissions which allows organizations to give the right people the right access to specific prompts or containers. Administrators can choose to give access by either the group or user level. In order to manage access, go to the Settings tab and pick "Users and Groups". 

On this page, administrators have total visibility and control over what's happening in their production environment. As shown in the photo, admins can change permissions and view activities for each user or group.

From there, administrators can then write simple JSON policies to give users and groups access. Containers and prompts that users have access to will be present, while the containers they are restricted from will be grayed out.
Features
Some features to note while you are administering these policies are as follows:
Cased will autosave while you write. We save your work after every few characters typed.
Group names and usernames are case insensitive.
We validate your JSON as you work. If there are errors, you will be notified.
If a name has a space in it, enter the exact name. It's a string value.
User level takes priority over group level.
If you are unsure of the available groups your organization has - check the Cased Rails app to see a list of all of them.
When "*" is used to denote one of the labels values, that means that user or group has access to all the prompts that include the key, regardless of its value.
An optional key value pair "_all": true can be used to grant a group/user access to all available prompts.
Arrays can be used to assign groups/users to multiple label values. An example is listed below.
{
  "[email protected]":{
    "email": "[email protected]",
    "labels": {
      "environment": ["development", "production"]
    }
  }
}
User level
{
  "[email protected]":{
    "email": "[email protected]",
    "labels": {
      "environment": "development"
    }
  }
}
To give access at the user level, there are only three things you must have in your policy. The key value, for best practice will be named the same as the email, the user's email, and the labels that they are given access to.
Group level
{
  "devops":{
    "name": "devops",
    "labels": {
      "app": "*",
      "environment": "production"
    }
  }
}
    
To give access at the group level, there are only three things you must have in your policy. The key value, for best practice will be named the same as the group, the group, and the labels that they are given access to.
To grant access to all prompts, use the special _all key:
{
  "devops":{
    "name": "devops",
    "_all": true
  }
}
Giving All Users Permission
To grant access to all users, you can use the special _all key:
{
  "_all":{
    "labels": {
      "environment": "production"
  },
  "name": "_all"
}
This specific example grants access to all users, existing and new, to any "production" prompts.
Ad

Configuration and Admin Tools - Previous

Host and container auto-detection

Next - Configuration and Admin Tools

Persistent, pluggable storage

Last modified 1mo ago