Overview
Permissions in Cantara are managed through Security Topics, which provide granular control over what users can see and do within the console. Security Topics can be assigned to individual users or to groups, allowing administrators to manage multiple users at once and enforce consistent, role-based access across the platform.
What is a Security Group?
A Security Group is a group of users who share the same access permissions. Groups simplify access management by allowing permissions to be assigned once to a group instead of individually to users.
When a tenant is created, Cantara automatically creates an Owner Security Group with tenant admin level access. The tenant administrator can create additional Security Groups for specific teams or roles, either by setting them up manually in Cantara or through SCIM user provisioning when integrated with an external Identity Provider (IdP).
What is a Security Topic?
A Security Topic defines access to a specific functional area within Cantara, such as Applications, Licenses, Systems, or Components. When a Security Topic is assigned to a Security Group or user, it grants access to that functional area. Security Topics include different levels (or layers) of permission, allowing administrators to control what actions users can perform within that area. This allows administrators to provide granular control over access within Cantara.
Think of Security Groups as ‘WHO’ and Security Topics as ‘WHAT’ they can access.
Why Use Security Groups and Security Topics:
-
Provide precise and consistent access control by grouping users and assigning permissions at the group level.
-
Reduce administrative effort by avoiding the need to manage permissions for each user individually.
-
Support scalable management through IdP integration and SCIM provisioning for externally managed groups.
Managing Security Groups and Security Topics
|
Setup Type |
Security Group Membership |
Security Topic Permissions |
|---|---|---|
|
Local or IdP (SSO) |
Created and managed in Cantara |
Managed in Cantara |
|
IdP (SSO) + SCIM |
Managed in Identity Provider and synchronised into Cantara |
Managed in Cantara |
What’s next?
-
To learn how to set up Security Groups in Cantara, see Create Security Groups in Cantara.
-
To learn how to assign Security Topics to existing Security Groups, see Assign Security Topics.
.png?cb=542d04510ecc98bf3ad394e877e785fd)