Set group authorization scopes

Authorization scopes allow users access to application protected by the GIP.

Authorization scopes are scopes to manage access to applications protected by the GIP. They are used to establish the user's identity and define the access level. For more information on authorization scopes, see Groups are not Authorization Scopes.

From the Console App, you can set authorization scopes for users by assigning scopes to the group.

  1. Log in to the Console App as administrator.
    The Console App is located at http[s]://host:port/[gas/]ua/r/admin/ConsoleApp.
    Tip:

    Select the Console Application link from the GAS demos page at http[s]://host:port/[gas/]demos.html.

  2. Select Groups > Manage groups.
  3. From the Group List page, select the group name you created previously in Create a user group and a user.
  4. Doubleclick (or click Modify) to open the Group page.
  5. Select scopes to give to the group.
    1. Select Role.User, which you can find by looking for "Authorization" in the API column, and "Role.User" in the Scope column.
    2. Make sure the openid scope is selected.
    3. When finished click Save.

    Your group needs to have at least these scopes to access the application you deployed in the task, Deploy and secure an app. Later you will return to this page to select more scopes required for the applications and services users access.

  6. Check the scopes the user inherits from the group.
    1. From the Console App main menu, select Users > Manage Users
    2. From the User List, select the user you created in Create a user group and a user.
    3. Doubleclick (or click Modify) to open the User page.
    4. Click Permissions to open the scopes page.

      You should see that the Role.User, and the openid scopes are selected. They appear grayed out to indicate that these scopes are inherited from the group permissions.

  7. Open a browser page to start the app deployed in Deploy and secure an app.
    For example, if you deployed the "ggc-quick-start.gar", the "price" application was deployed. You access it at http[s]://host:port/[gas/]ua/r/price:
    At the login page enter the login details for the user you created in Create a user group and a user.
    The user gets access to the app.