...
| Excerpt |
|---|
The JOC Cockpit brings user authentication and authorization to the JobScheduler. Authentication can either take place against an Apache ShiroTM compliant configuration file, an LDAP compliant directory service or information stored in a database. Authorization is defined in roles - an example set of roles is provided with the JOC Cockpit installation archive and system administrators are able to define roles for their users. The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously and includes a graphical an editor - the Account Manager Manage Accounts view - for the configuration of authentication and authorization.. |
Architecture
The JobScheduler/ JOC Cockpit architecture allows individual JobScheduler Masters and/or Agents to be used for individual clients, and is described in JOC Cockpit - Architecture article. The authentication and authorization introduced with the JOC Cockpit also allows an extremely flexible set of permissions to be configured for Users.
- Users are allocated one or more roles, with each role containing a set of predefined permissions that specify the operations that can be carried out within the role.
- Roles can be configured for individual JobScheduler Masters.
- In addition, the objects within a JobScheduler Master configuration that can be accessed by a role can also be configured. For example, one role may be allowed to view the status of Jobs and Orders in Folders A and B, another role may be allowed to change the state and modify the run times of the Jobs and Orders in all the Folders. This approach may be contrasted with other systems that allocate rights and permissions purely according to resources such as files or folders.
...
Configuring Roles & Permissions
The JOC Cockpit comes with a graphical editor - the Account Manager - for the configuration of authentication and authorizationManage Accounts view provides an editor for configuring Shiro authentication and authorization and some of its features are illustrated in the screenshot below.
| Display feature availability | ||
|---|---|---|
|
The editor is only available for users with the appropriate permissions including the default root user, who can start configuration of additional users and roles directly after installation.
The Account Manager Manage Accounts view is described in more detail in the JOC Cockpit Account Manager Managing Authentication and Authorization for User Accounts article.
References
- For detailed information how to configure permissions see the Authentication and Authorization - Configuration article.
- For a complete list of permissions see the Authentication and Authorization - Permissions for the JOC Cockpit Web Service article.
...