As of Tomcat 7.x, the access to the manager has changed:
manager-gui provides access to the status pages and the tomcat manager web console. Accounts with this level of access can do anything through the traditional tomcat manager web console. This includes deploying/undeploying apps, viewing stats, generating leak detection diagnostics, expiring sessions, etc.
manager-script, provides all the functionality that manager-gui provides but using the text interface instead of the html gui. A savvy scripter using curl or some perl/groovy/java/ruby/powershell/python/etc., scripts can do anything that a user with a web browser can do with the tomcat manager HTML console. If you are an app server administrator who loves the command-line, the manager-script role is for you. One item to note is that the context path for the text interface has changed in Tomcat 7 so existing scripts may need to be reworked.
manager-jmx provides access to the jmxproxy, which is something monitoring tools & scripts, administrators, and developers may find useful. In addition, this role also has access to the status pages. Existing scripts should work as-is because, unlike the text interface, the context path for the jmxproxy has not changed.
manager-status provides the users assigned to that role with access to the statistics that tomcat provides like current threads, max threads, etc. Users belonging to this role will be able to access the Status link on the main tomcat index page but will receive a 403 - Access Denied when attempting to access the Tomcat Manager.
Please give CARGO credentials for a user that has manager-script role.