[users]
gauss=, application_manager, my_role
newton=, incident_manager, my_role
[main]
# Public LDAP Server for testing purposes
# see http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/
# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
ldapRealm.groupNameAttribute=ou
ldapRealm.userNameAttribute=uid
ldapRealm.userSearchFilter=(uniqueMember=uid=%s,dc=example,dc=com)
# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
# In this example the LDAP group mapping is commented out. The user gauss will have the roles application_manager and my_role.
# You can mix both role sources, the shiro.ini file and the LDAP group mapping.
# ldapRealm.groupRolesMap = \
# "scientists":"it_operator", \
# "mathematicians":"administrator|application_manager"
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000
[roles]
# Permissions can be assigned to roles with a comma separated list of permissions. Permissions may have * as a wildcard
all = sos:products
administrator = sos:products:joc_cockpit:jobscheduler_master:view, \
sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
sos:products:joc_cockpit:jobscheduler_master:execute:restart, \
sos:products:joc_cockpit:jobscheduler_master:execute:terminate, \
sos:products:joc_cockpit:jobscheduler_master:execute:abort, \
sos:products:joc_cockpit:jobscheduler_master:administration:edit_permissions, \
sos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instances, \
sos:products:joc_cockpit:jobscheduler_master_cluster, \
sos:products:joc_cockpit:jobscheduler_universal_agent
application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
sos:products:joc_cockpit:jobscheduler_master:administration:manage_categories, \
sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
sos:products:joc_cockpit:daily_plan:view:status, \
sos:products:joc_cockpit:history:view, \
sos:products:joc_cockpit:order:view:status, \
sos:products:joc_cockpit:job_chaindaily_plan:view:status, \
sos:products:joc_cockpit:jobhistory:view, \
sos:products:joc_cockpit:process_classorder, \
sos:products:joc_cockpit:schedulejob_chain, \
sos:products:joc_cockpit:lockjob, \
sos:products:joc_cockpit:eventprocess_class, \
sos:products:joc_cockpit:event_actionschedule, \
sos:products:joc_cockpit:holiday_calendar:view:statuslock, \
sos:products:joc_cockpit:maintenance_window:viewevent, \
sos:products:joc_cockpit:maintenance_window:enable_disable_maintenance_windowevent_action, \
sos:products:joc_cockpit:auditholiday_logcalendar:view:status, \
sos:products:joc_cockpit:customization:share
it_operator = sos:products:joc_cockpit:jobscheduler_master:maintenance_window:view, \
sos:products:joc_cockpit:jobscheduler_master_cluster:view:status:maintenance_window:enable_disable_maintenance_window, \
sos:products:joc_cockpit:jobscheduleraudit_universal_agentlog:view:status, \
sos:products:joc_cockpit:daily_plan:view:status, \
customization:share
it_operator = sos:products:joc_cockpit:historyjobscheduler_master:view, \
sos:products:joc_cockpit:orderjobscheduler_master_cluster:view:status, \
sos:products:joc_cockpit:job_chainjobscheduler_universal_agent:view:status, \
sos:products:joc_cockpit:jobdaily_plan:view:status, \
sos:products:joc_cockpit:process_classhistory:view, \
sos:products:joc_cockpit:scheduleorder, \
sos:products:joc_cockpit:lockjob_chain, \
sos:products:joc_cockpit:eventjob, \
sos:products:joc_cockpit:eventprocess_actionclass, \
sos:products:joc_cockpit:holiday_calendar:view:statusschedule, \
sos:products:joc_cockpit:maintenance_window:viewlock, \
sos:products:joc_cockpit:audit_log:view:statusevent, \
sos:products:joc_cockpit:customization:share:view
incident_manager = sos:products:joc_cockpit:jobscheduler_master:viewevent_action, \
sos:products:joc_cockpit:jobschedulerholiday_master_clustercalendar:view:status, \
sos:products:joc_cockpit:jobschedulermaintenance_universal_agentwindow:view:status, \
sos:products:joc_cockpit:dailyaudit_planlog:view:status, \
, \
sos:products:joc_cockpit:customization:share:view
incident_manager = sos:products:joc_cockpit:historyjobscheduler_master:view, \
sos:products:joc_cockpit:orderjobscheduler_master_cluster:view:status, \
sos:products:joc_cockpit:order:remove_setbackjobscheduler_universal_agent:view:status, \
sos:products:joc_cockpit:jobdaily_chainplan:view:status, \
sos:products:joc_cockpit:jobhistory:view, \
sos:products:joc_cockpit:process_classorder:view, \
sos:products:joc_cockpit:scheduleorder:viewremove_setback, \
sos:products:joc_cockpit:lockjob_chain:view, \
sos:products:joc_cockpit:eventjob:view, \
sos:products:joc_cockpit:eventprocess_actionclass:view, \
sos:products:joc_cockpit:holiday_calendarschedule:view:status, \
sos:products:joc_cockpit:maintenance_windowlock:view, \
sos:products:joc_cockpit:audit_logevent:view:status, \
sos:products:joc_cockpit:customization:share:view
business_user = sos:products:joc_cockpit:jobscheduler_master:view:statusevent_action:view, \
sos:products:joc_cockpit:jobschedulerholiday_master_clustercalendar:view:status, \
sos:products:joc_cockpit:jobschedulermaintenance_universal_agentwindow:view:status, \
sos:products:joc_cockpit:dailyaudit_planlog:view:status, \
sos:products:joc_cockpit:history:viewcustomization:share:view
business_user = sos:products:joc_cockpit:jobscheduler_master:view:status, \
sos:products:joc_cockpit:orderjobscheduler_master_cluster:view:status, \
sos:products:joc_cockpit:orderjobscheduler_universal_agent:view:order_logstatus, \
sos:products:joc_cockpit:jobdaily_chainplan:view:status, \
sos:products:joc_cockpit:job_chainhistory:view:history, \
sos:products:joc_cockpit:joborder:view:status, \
sos:products:joc_cockpit:joborder:view:historyorder_log, \
sos:products:joc_cockpit:job_chain:view:task_logstatus, \
sos:products:joc_cockpit:processjob_classchain:view:statushistory, \
sos:products:joc_cockpit:schedulejob:view:status, \
sos:products:joc_cockpit:lockjob:view:statushistory, \
sos:products:joc_cockpit:holiday_calendarjob:view:statustask_log, \
sos:products:joc_cockpit:maintenanceprocess_windowclass:view:status, \
sos:products:joc_cockpit:audit_logschedule:view:status, \
sos:products:joc_cockpit:customizationlock:share:view
view:status, \
api_user = sos:products:commandsjoc_cockpit:jobschedulerholiday_mastercalendar:view:status, \
sos:products:commands:historyjoc_cockpit:maintenance_window:view:status, \
sos:products:commands:orderjoc_cockpit:audit_log:view:status, \
sos:products:commands:job_chain, \joc_cockpit:customization:share:view
sos:products:commands:job, \
api_user -= sos:products:commands:jobjobscheduler_master:view:configurationstatus, \
-sos:products:commands:job_chainhistory:view:configuration, \
-sos:products:commands:order:view:configuration, \
-sos:products:commands:order:removejob_setbackchain, \
sos:products:commands:process_class:view:statusjob, \
-sos:products:commands:schedulejob:view:statusconfiguration, \
-sos:products:commands:lockjob_chain:view:statusconfiguration, \
-sos:products:commands:holiday_calendarorder:view:statusconfiguration, \
-sos:products:commands:order:maintenance_window:view:status
my_roleremove_setback, \
= sos:products:commands:jobschedulerprocess_masterclass:view:status, \
sos:products:joc_cockpitcommands:historyschedule:view:status, \
sos:products:joc_cockpitcommands:orderlock:view:status |