Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user Uwe Risse

Saved on

compared with

New Version 55

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: 'Architecture' updated

...

Excerpt

The JOC Cockpit brings user authentication and authorization to the JobScheduler.

Authentication can either take place against an Apache ShiroTM compliant configuration file, an LDAP compliant directory service or information stored in a database.

Authorization is defined in Roles and Permissions and an example set of Roles and Permissions is provided with the JOC Cockpit installation. System administrators are able to define their own User Roles and Permission sets as required.

The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously and includes an editor in the Manage Accounts view for the configuration of authentication and authorization.

Architecture

The JobScheduler/ JOC Cockpit architecture allows JOC Cockpit Authentication and Authorization is provided as a part of the JobScheduler Web Services. These services are provided independently of any JobScheduler instances and this functional independence allows, for example, scalability (see the JOC Cockpit Clusters section below) as well as enabling individual JobScheduler Masters and/or Agents to be used for individual clients and a . A more description of the JobScheduler / JOC Cockpit architecture is provided in the JOC Cockpit - Architecture article.

The authentication and authorization introduced with the JOC Cockpit also Authentication and Authorization allows an extremely flexible set of permissions to be configured for Users.:

  • Users User Accounts are allocated one or more Roles, with each Role containing a set of predefined Permissions that specify the operations that can be carried out within the role.
  • Roles can be configured for individual JobScheduler Masters.
  • In addition, the objects within a JobScheduler Master configuration that can be accessed by a Role can also be configured. For example, one Role may be allowed to view the status of Jobs and Orders in Folders A and B, another Role may be allowed to change the state and modify the run times of the Jobs and Orders in all Folders. This approach may be contrasted with other systems that allocate rights and permissions purely according to resources such as files or folders.

The This use of role-based permissions brings a number of significant advantages:

  • It simplifies administration in complex environments. Whilst the administration of the permissions of several hundred folders in a multi-client system is manageable, the administration of several thousand requires brings an extremely high administrative requirement and error susceptibility.
  • Role-based permissions allow the permissions for individual clients to be managed separately.
  • The clear separation of permissions also simplifies meeting compliance requirements.

...

Anchor
cluster
cluster

JOC Cockpit Clusters

Multiple instances of the JobScheduler Web Services can be synchronized to provide a high availability cluster. (Feature available with Release 1.12.1 and newer)

To enable the JOC Cluster

...