Scope
- The JOC Cockpit implements Authentication and Authorization by a combination of Roles and Permissions.
- Permissions are assigned to Roles which are then assigned to User Accounts.
The JOC Cockpit - Authentication and Authorization article provides a good introduction the Authentication and Authorization.
- This article describes the default Roles and Permissions that are delivered with the JOC Cockpit.
Matrix of Roles and Permissions
The document below shows the default Roles and Permissions delivered with the JOC Cockpit shiro.ini
configuration file. System administrators can define and modify roles and permissions as required.
The purpose of each role is explained in the notes at the foot of the matrix. Of particular interest is the api_user role that is not intended for use with the JOC Cockpit interface but is intended for use with the JobScheduler Web Service from another application. More information can be found in the Authentication and Authorization - Permissions for the JobScheduler REST Web Service article.
- The list with all permissions for use with the
shiro.ini
file: shiro.ini-JOC-Cockpit-permission-list.txt - Roles and Permissions Matrix as file:
Loading
Examples
Allow orders only to be viewed and executed
In this example Order view and execute permissions are granted: by default all other Order Permissions are not granted.
Allow all order operations except changing and removing orders
In this example all Order Permissions are granted and then the Order change and remove Permissions are revoked.
Note that this example uses permissions for the Web Services API - i.e . sos:products:commands:...
.
References
- Authentication and Authorization - Configuration
- Authentication and Authorization - Permissions for the JobScheduler REST Web Service