Set group authorization roles

Authorization roles allow users access to application protected by the GIP.

1. Log in to the Console App as administrator.
   The Console App is located at http[s]://host:port/[gas/]ua/r/admin/ConsoleApp.

   Tip:

   Select the Console Application link from the GAS demos page at http[s]://host:port/[gas/]demos.html.

2. Select Groups > Manage groups.
3. From the Group List page, select the group name you created previously in Create a user group and a user.
4. Doubleclick (or click Modify) to open the Group page.
5. Select roles and scopes to give to the group.
   1. Select Role.User, which you can find under the Authorization roles heading.
   2. Make sure the openid scope is selected under the Access scopes heading.
   3. When finished click Save.

   Your group needs to have at least these roles and scopes to access the application you deployed in the task, Deploy and secure an app. Later you will return to this page to select more scopes required for the applications and services users access.

6. Check the roles and scopes the user inherits from the group.
   1. From the Console App main menu, select Users > Manage Users
   2. From the User List, select the user you created in Create a user group and a user.
   3. Doubleclick (or click Modify) to open the User page.
   4. Click Permissions to open the scopes page.

      You should see that the Role.User role, and the openid scope are selected. They appear grayed out to indicate that they are inherited from the group permissions.

7. Open a browser page to start the app deployed in Deploy and secure an app.
   For example, if you deployed the "ggc-quick-start.gar", the "price" application was deployed. You access it at http[s]://host:port/[gas/]ua/r/price:
   At the login page enter the login details for the user you created in Create a user group and a user.
   The user gets access to the app.