
The response of http://localhost:8080/rest/security/joc_cockpit_permissions is the JSON object shown at the end of this page.

Each valueOf(right) placeholder is evaluated to true or false.

The value is true only if the user has a role that contains the right named in the parentheses.

Example for a shiro.ini configuration file that defines the rights for the role application_manager

Explanation:

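If the user is a member of the AD group CN=jobscheduler_admin,CN=Roles,CN=ur_dell_partition,DC=localhost, the user is mapped to the role application_manager (see ldapRealm.groupRolesMap). Note that the mapping in the listing below also assigns this group the role administrator, which holds sos:products and therefore implies every right.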

The role application_manager is assigned the right sos:products:joc_cockpit:jobscheduler_master:view, which contains

sos:products:joc_cockpit:jobscheduler_master:view:status and sos:products:joc_cockpit:jobscheduler_master:view:mainlog

 

shiro.ini with LDAP configuration
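[main]
# Realm that authenticates against LDAP/AD and derives roles from group membership.
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm

ldapRealm.userDnTemplate = cn={0},CN=ur_dell_partition,DC=localhost
ldapRealm.searchBase = CN=ur_dell_partition,DC=localhost
# ldap:// on port 389 is unencrypted, so bind credentials travel in clear text.
# That is tolerable only for a directory on the loopback interface, as in this
# example; use ldaps:// (or an otherwise protected channel) for a remote directory.
ldapRealm.contextFactory.url = ldap://localhost:389

ldapRealm.groupNameAttribute=memberOf
ldapRealm.userNameAttribute=cn
# NOTE(review): %s is presumably replaced with the login name. Confirm that the
# realm escapes LDAP filter metacharacters before substituting it.
ldapRealm.userSearchFilter=(&(objectClass=user)(cn=%s))


# Mapping of an LDAP group to roles. More than one role can be assigned by using | as separator.
# The group jobscheduler_admin receives administrator as well as application_manager;
# since administrator holds sos:products, its members effectively have every right.
ldapRealm.groupRolesMap = \
"CN=JobScheduler_it_operator,CN=Roles,CN=ur_dell_partition,DC=localhost":"it_operator", \
"CN=jobscheduler_admin,CN=Roles,CN=ur_dell_partition,DC=localhost":"administrator|application_manager"

# Presumably resolves a role name to the permissions listed in [roles] through $iniRealm.
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver


securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Shiro session timeouts are given in milliseconds: 360000 ms = 6 minutes.
securityManager.sessionManager.globalSessionTimeout = 360000

[roles]
# Permissions are assigned to roles as a comma separated list. Permissions may have * as a wildcard.
# A permission contains every permission below it: sos:products covers the whole tree.
#admin = sos:products:dashboard:joe,sos:products:dashboard:joc,sos:products:dashboard:events
administrator = sos:products
# Every line of the list except the last must end with ", \". A missing
# continuation silently cuts the list short at that line.
application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
                      sos:products:joc_cockpit:jobscheduler_master:manage_categories, \
                      sos:products:joc_cockpit:jobscheduler_master:pause, \
                      sos:products:joc_cockpit:jobscheduler_master:continue, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster:view, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent:view, \
                      sos:products:joc_cockpit:daily_plan:view_status, \
                      sos:products:joc_cockpit:history:view, \
                      sos:products:joc_cockpit:order, \
                      sos:products:joc_cockpit:job_chain, \
                      sos:products:joc_cockpit:job, \
                      sos:products:joc_cockpit:process_class, \
                      sos:products:joc_cockpit:schedule, \
                      sos:products:joc_cockpit:lock, \
                      sos:products:joc_cockpit:event, \
                      sos:products:joc_cockpit:event_action, \
                      sos:products:joc_cockpit:holiday_calendar, \
                      sos:products:joc_cockpit:maintenance_window:view
# NOTE(review): the roles below are granted the whole sos:products tree, i.e. the
# same rights as administrator. Treat them as placeholders and narrow each one to
# the rights that role actually needs before using this file outside a test setup.
it_operator = sos:products
incident_manager = sos:products
business_user = sos:products
api_user = sos:products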

 

 

 

{
  "isAuthenticated": true,
  "user": "SOS01",
  "accessToken": "dfd96e2c-ef7f-4158-acf3-1af98d4407c4",
  "JobschedulerMaster": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:jobscheduler_master:view:status),
      "mainlog": valueOf(sos:products:joc_cockpit:jobscheduler_master:view:mainlog)
    },
    "pause": valueOf(sos:products:joc_cockpit:jobscheduler_master:pause),
    "continue": valueOf(sos:products:joc_cockpit:jobscheduler_master:continue),
    "restart": {
      "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master:restart:terminate),
      "abort": valueOf(sos:products:joc_cockpit:jobscheduler_master:restart:abort)
    },
    "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master:terminate),
    "abort": valueOf(sos:products:joc_cockpit:jobscheduler_master:abort),
    "manageCategories": valueOf(sos:products:joc_cockpit:jobscheduler_master:manage_categories)
  },
  "JobschedulerMasterCluster": {
    "view": {
      "clusterStatus": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:view:cluster_status)
    },
    "terminateFailSafe": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_fail_safe),
    "restart": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_cluster_member:restart),
    "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_cluster_member:terminate)
  },
  "JobschedulerUniversalAgent": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:view:status)
    },
    "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:terminate),
    "abort": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:abort),
    "restart": {
      "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:restart:terminate),
      "abort": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:restart:abort)
    }
  },
  "DailyPlan": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:daily_plan:view_status)
    }
  },
  "History": {
    "view": valueOf(sos:products:joc_cockpit:history:view)
  },
  "Order": {
    "view": {
      "configuration": valueOf(sos:products:joc_cockpit:order:view:configuration),
      "orderLog": valueOf(sos:products:joc_cockpit:order:view:order_log),
      "status": valueOf(sos:products:joc_cockpit:order:view:status)
    },
    "change": {
      "startAndEndNode": valueOf(sos:products:joc_cockpit:order:change:start_and_end_node),
      "timeForAdhocOrder": valueOf(sos:products:joc_cockpit:order:change:time_for_adhoc_orders),
      "parameter": valueOf(sos:products:joc_cockpit:order:change:parameter)
    },
    "start": valueOf(sos:products:joc_cockpit:order:start),
    "update": valueOf(sos:products:joc_cockpit:order:update),
    "suspend": valueOf(sos:products:joc_cockpit:order:suspend),
    "resume": valueOf(sos:products:joc_cockpit:order:resume),
    "delete": {
      "temporary": valueOf(sos:products:joc_cockpit:order:delete:temporary),
      "permanent": valueOf(sos:products:joc_cockpit:order:delete:permanent)
    },
    "removeSetback": valueOf(sos:products:joc_cockpit:order:remove_setback)
  },
  "JobChain": {
    "view": {
      "configuration": valueOf(sos:products:joc_cockpit:job_chain:view:configuration),
      "history": valueOf(sos:products:joc_cockpit:job_chain:view:history),
      "status": valueOf(sos:products:joc_cockpit:job_chain:view:status)
    },
    "stop": valueOf(sos:products:joc_cockpit:job_chain:stop),
    "unstop": valueOf(sos:products:joc_cockpit:job_chain:unstop),
    "addOrder": valueOf(sos:products:joc_cockpit:job_chain:add_order),
    "skipJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:skip_jobchain_node),
    "unskipJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:unskip_jobchain_node),
    "stopJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:stop_jobchain_node),
    "unstopJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:unstop_jobchain_node)
  },
  "Job": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:job:view:status),
      "taskLog": valueOf(sos:products:joc_cockpit:job:view:task_log),
      "configuration": valueOf(sos:products:joc_cockpit:job:view:configuration),
      "history": valueOf(sos:products:joc_cockpit:job:view:history)
    },
    "start": {
      "task": valueOf(sos:products:joc_cockpit:job:start:task),
      "taskImmediately": valueOf(sos:products:joc_cockpit:job:start:task_immediately)
    },
    "stop": valueOf(sos:products:joc_cockpit:job:stop),
    "unstop": valueOf(sos:products:joc_cockpit:job:unstop),
    "terminate": valueOf(sos:products:joc_cockpit:job:terminate),
    "kill": valueOf(sos:products:joc_cockpit:job:kill)
  },
  "ProcessClass": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:process_class:view:status),
      "configuration": valueOf(sos:products:joc_cockpit:process_class:view:configuration)
    }
  },
  "Schedule": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:schedule:view:status),
      "configuration": valueOf(sos:products:joc_cockpit:schedule:view:configuration)
    },
    "edit": valueOf(sos:products:joc_cockpit:schedule:edit),
    "addSubstitute": valueOf(sos:products:joc_cockpit:schedule:add_substitute)
  },
  "Lock": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:lock:view:status),
      "configuration": valueOf(sos:products:joc_cockpit:lock:view:configuration)
    }
  },
  "Event": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:event:view:status)
    },
    "delete": valueOf(sos:products:joc_cockpit:event:delete)
  },
  "EventAction": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:event_action:view:status)
    },
    "createEventsManually": valueOf(sos:products:joc_cockpit:event_action:create_event_manually)
  },
  "HolidayCalendar": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:holiday_calendar:view:status)
    }
  },
  "MaintenanceWindow": {
    "view": {
      "status": valueOf(sos:products:joc_cockpit:maintenance_window:view:status)
    },
    "enableDisableMaintenanceWindow": valueOf(sos:products:joc_cockpit:maintenance_window:enable_disable_mainenance_window)
  },
  "SOSPermissionRoles": {
    "SOSPermissionRole": [
      "application_manager"
    ]
  }
}