• The JOC Cockpit implements Authentication and Authorization by a combination of Roles and Permissions.
  • Permissions are assigned to Roles which are then assigned to User Accounts.
  • The JOC Cockpit - Authentication and Authorization article provides a good introduction the Authentication and Authorization.

  • This article describes the default Roles and Permissions that are delivered with the JOC Cockpit.

Matrix of Roles and Permissions

The document below shows the default Roles and Permissions delivered with the JOC Cockpit shiro.ini configuration file. System administrators can define and modify roles and permissions as required.

The purpose of each role is explained in the notes at the foot of the matrix. Of particular interest is the api_user role that is not intended for use with the JOC Cockpit interface but is intended for use with the JobScheduler Web Service from another application. More information can be found in the Authentication and Authorization - Permissions for the JobScheduler REST Web Service article.



Allow orders only to be viewed and executed

In this example Order view and execute permissions are granted: by default all other Order Permissions are not granted.

Allow orders to be viewed and executed, but no other functions
sos:products:joc_cockpit:order:view, \
sos:products:joc_cockpit:order:execute, \

Allow all order operations except changing and removing orders

In this example all Order Permissions are granted and then the Order change and remove Permissions are revoked.

Note that this example uses permissions for the Web Services API - i.e . sos:products:commands:....

Allow all order operations except changing and removing orders
sos:products:commands:order, \
-sos:products:commands:order:change, \
-sos:products:commands:order:remove, \