- Created by Uwe Risse, last modified by Alan Amos on Nov 15, 2016
JSON Answer with the permissions of a user
The answer of http://localhost:8080/rest/security/joc_cockpit_permissions is this JSON object.
Each valueOf(right) placeholder is evaluated to true or false.
To get the value true, the user must have a role that contains the right specified in the parentheses.
{ "isAuthenticated": true, "user": "SOS01", "accessToken": "dfd96e2c-ef7f-4158-acf3-1af98d4407c4", "JobschedulerMaster": { "view": { "status": valueOf(sos:products:joc_cockpit:jobscheduler_master:view:status), "mainlog": valueOf(sos:products:joc_cockpit:jobscheduler_master:view:mainlog) }, "pause": valueOf(sos:products:joc_cockpit:jobscheduler_master:pause), "continue": valueOf(sos:products:joc_cockpit:jobscheduler_master:continue), "restart": { "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master:restart:terminate), "abort": valueOf(sos:products:joc_cockpit:jobscheduler_master:restart:abort) }, "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master:terminate), "abort": valueOf(sos:products:joc_cockpit:jobscheduler_master:abort), "manageCategories": sos:products:joc_cockpit:jobscheduler_master:manage_categories) }, "JobschedulerMasterCluster": { "view": { "clusterStatus": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:view:cluster_status) }, "terminateFailSafe": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_fail_safe), "restart": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_cluster_member:restart), "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_master_cluster:terminate_cluster_member:terminate) }, "JobschedulerUniversalAgent": { "view": { "status": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:view:status) }, "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:terminate), "abort": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:abort), "restart": { "terminate": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:restart:terminate), "abort": valueOf(sos:products:joc_cockpit:jobscheduler_universal_agent:restart:abort) } }, "DailyPlan": { "view": { "status": valueOf(sos:products:joc_cockpit:daily_plan:view_status) } }, "History": { "view": valueOf(sos:products:joc_cockpit:history:view) }, "Order": { "view": 
{ "configuration": valueOf(sos:products:joc_cockpit:order:view:configuration), "orderLog": valueOf(sos:products:joc_cockpit:order:view:order_log), "status": valueOf(sos:products:joc_cockpit:order:view:status) }, "change": { "startAndEndNode": valueOf(sos:products:joc_cockpit:order:change:start_and_end_node), "timeForAdhocOrder": valueOf(sos:products:joc_cockpit:order:change:time_for_adhoc_orders), "parameter": valueOf(sos:products:joc_cockpit:order:change:parameter) }, "start": valueOf(sos:products:joc_cockpit:order:start), "update": valueOf(sos:products:joc_cockpit:order:update), "suspend": valueOf(sos:products:joc_cockpit:order:suspend), "resume": valueOf(sos:products:joc_cockpit:order:resume), "delete": { "temporary": valueOf(sos:products:joc_cockpit:order:delete:temporary) "permanent": valueOf(sos:products:joc_cockpit:order:delete:permanent) } }, "removeSetback": valueOf(sos:products:joc_cockpit:order:remove_setback) }, "JobChain": { "view": { "configuration": valueOf(sos:products:joc_cockpit:job_chain:view:configuration), "history": valueOf(sos:products:joc_cockpit:job_chain:view:history), "status": valueOf(sos:products:joc_cockpit:job_chain:view:status) }, "stop": valueOf(sos:products:joc_cockpit:job_chain:stop), "unstop": valueOf(sos:products:joc_cockpit:job_chain:unstop), "addOrder": valueOf(sos:products:joc_cockpit:job_chain:add_order), "skipJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:skip_jobchain_node), "unskipJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:unskip_jobchain_node), "stopJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:stop_jobchain_node), "unstopJobChainNode": valueOf(sos:products:joc_cockpit:job_chain:unstop_jobchain_node) }, "Job": { "view": { "status": valueOf(sos:products:joc_cockpit:job:view:status), "taskLog": valueOf(sos:products:joc_cockpit:job:view:task_log), "configuration": valueOf(sos:products:joc_cockpit:job:view:configuration), "history": valueOf(sos:products:joc_cockpit:job:view:history) }, 
"start": { "task": valueOf(sos:products:joc_cockpit:job:start:task), "taskImmediately": valueOf(sos:products:joc_cockpit:job:start:task_immediately) }, "stop": valueOf(sos:products:joc_cockpit:job:stop), "unstop": valueOf(sos:products:joc_cockpit:job:unstop), "terminate": valueOf(sos:products:joc_cockpit:job:terminate), "kill": valueOf(sos:products:joc_cockpit:job:kill) }, "ProcessClass": { "view": { "status": valueOf(sos:products:joc_cockpit:process_class:view:status), "configuration": valueOf(sos:products:joc_cockpit:process_class:view:configuration) } }, "Schedule": { "view": { "status": valueOf(sos:products:joc_cockpit:schedule:view:status), "configuration": valueOf(sos:products:joc_cockpit:schedule:view:configuration) }, "edit": valueOf(sos:products:joc_cockpit:schedule:edit), "addSubstitute": valueOf(sos:products:joc_cockpit:schedule:add_substitute) }, "Lock": { "view": { "status": valueOf(sos:products:joc_cockpit:lock:view:status), "configuration": valueOf(sos:products:joc_cockpit:lock:view:configuration) } }, "Event": { "view": { "status": valueOf(sos:products:joc_cockpit:event:view:status) }, "delete": valueOf(sos:products:joc_cockpit:event:delete) }, "EventAction": { "view": { "status": valueOf(sos:products:joc_cockpit:event_action:view:status) }, "createEventsManually": valueOf(sos:products:joc_cockpit:event_action:create_event_manually) }, "HolidayCalendar": { "view": { "status": valueOf(sos:products:joc_cockpit:holiday_calendar:view:status) } }, "MaintenanceWindow": { "view": { "status": valueOf(sos:products:joc_cockpit:maintenance_window:view:status) }, "enableDisableMaintenanceWindow": valueOf(sos:products:joc_cockpit:maintenance_window:enable_disable_mainenance_window) }, "SOSPermissionRoles": { "SOSPermissionRole": [ "application_manager" ] } }
LDAP Configuration Example
Example for a shiro.ini configuration file that defines the rights for the role application_manager
Explanation:
If the user is a member of the AD group CN=jobscheduler_admin,CN=Roles,CN=ur_dell_partition,DC=localhost, the user is mapped to the role application_manager (see ldapRealm.groupRolesMap).
The role application_manager is assigned the right sos:products:joc_cockpit:jobscheduler_master:view, which contains sos:products:joc_cockpit:jobscheduler_master:view:status and sos:products:joc_cockpit:jobscheduler_master:view:mainlog.
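# shiro.ini: authenticate users against LDAP/AD and map directory groups to
# JOC Cockpit roles; the [roles] section then maps each role to permissions.
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = cn={0},CN=ur_dell_partition,DC=localhost
ldapRealm.searchBase = CN=ur_dell_partition,DC=localhost
# ldap:// is unencrypted, so the user's password crosses the connection in
# clear text during the bind. That is tolerable only while the directory runs
# on the same host as here; for a remote directory use an ldaps:// URL.
ldapRealm.contextFactory.url = ldap://localhost:389
ldapRealm.groupNameAttribute=memberOf
ldapRealm.userNameAttribute=cn
# %s is replaced by the login name.
# NOTE(review): confirm that the realm escapes LDAP filter metacharacters in
# the login name before substituting it into this filter.
ldapRealm.userSearchFilter=(&(objectClass=user)(cn=%s))

# Mapping of an LDAP group to roles. More than one role can be assigned by
# separating the role names with |
# Members of jobscheduler_admin receive administrator AND application_manager.
# Because administrator holds sos:products, those users effectively hold every
# permission, not only the application_manager subset listed under [roles].
ldapRealm.groupRolesMap = \
  "CN=JobScheduler_it_operator,CN=Roles,CN=ur_dell_partition,DC=localhost":"it_operator", \
  "CN=jobscheduler_admin,CN=Roles,CN=ur_dell_partition,DC=localhost":"administrator|application_manager"

# Resolve role names to permissions using the [roles] section of this file.
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Session timeout in milliseconds (360000 ms = 6 minutes).
securityManager.sessionManager.globalSessionTimeout = 360000

[roles]
# Permissions can be assigned to roles with a comma separated list of permissions.
# Permissions may have * as a wildcard.
# A permission implies everything below it: sos:products covers every
# sos:products:... right, so grant the narrowest prefix a role needs.
#admin = sos:products:dashboard:joe,sos:products:dashboard:joc,sos:products:dashboard:events
administrator = sos:products
# Fixed relative to the original listing: the entry after job_chain lacked the
# ", \" separator (which cut the list short), the holiday_calendar permission
# carried a doubled "sos:products:joc_cockpit:" prefix, and the
# jobscheduler_universal_agent:view entry was listed twice.
application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
  sos:products:joc_cockpit:jobscheduler_master:manage_categories, \
  sos:products:joc_cockpit:jobscheduler_master:pause, \
  sos:products:joc_cockpit:jobscheduler_master:continue, \
  sos:products:joc_cockpit:jobscheduler_master_cluster:view, \
  sos:products:joc_cockpit:jobscheduler_universal_agent:view, \
  sos:products:joc_cockpit:daily_plan:view_status, \
  sos:products:joc_cockpit:history:view, \
  sos:products:joc_cockpit:order, \
  sos:products:joc_cockpit:job_chain, \
  sos:products:joc_cockpit:job, \
  sos:products:joc_cockpit:process_class, \
  sos:products:joc_cockpit:schedule, \
  sos:products:joc_cockpit:lock, \
  sos:products:joc_cockpit:event, \
  sos:products:joc_cockpit:event_action, \
  sos:products:joc_cockpit:holiday_calendar, \
  sos:products:joc_cockpit:maintenance_window:view
# Example placeholders: with sos:products each of these roles is equivalent to
# administrator. Replace them with the specific permissions each role needs
# before using this file outside a test setup.
it_operator = sos:products
incident_manager = sos:products
business_user = sos:products
api_user = sos:products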
Simple ini configuration Example
In this example, a user root with the password secret is defined. The user has the roles application_manager,it_operator,incident_manager,business_user
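# shiro.ini: users, roles and permissions all defined locally in this file.
[users]
# Format: username = password, role1, role2, ...
# The password is stored here in plain text, readable by anyone who can read
# this file. Keep that to test setups; otherwise store a password hash,
# configure a matching credentials matcher on the ini realm, and restrict
# read access to the file.
root=secret, application_manager,it_operator,incident_manager,business_user

[roles]
# Permissions can be assigned to roles with a comma separated list of permissions.
# Permissions may have * as a wildcard.
# A permission implies everything below it: sos:products covers every
# sos:products:... right, so grant the narrowest prefix a role needs.
#admin = sos:products:dashboard:joe,sos:products:dashboard:joc,sos:products:dashboard:events
administrator = sos:products
# Fixed relative to the original listing: the entry after job_chain lacked the
# ", \" separator (which cut the list short), the holiday_calendar permission
# carried a doubled "sos:products:joc_cockpit:" prefix, and the
# jobscheduler_universal_agent:view entry was listed twice.
application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
  sos:products:joc_cockpit:jobscheduler_master:manage_categories, \
  sos:products:joc_cockpit:jobscheduler_master:pause, \
  sos:products:joc_cockpit:jobscheduler_master:continue, \
  sos:products:joc_cockpit:jobscheduler_master_cluster:view, \
  sos:products:joc_cockpit:jobscheduler_universal_agent:view, \
  sos:products:joc_cockpit:daily_plan:view_status, \
  sos:products:joc_cockpit:history:view, \
  sos:products:joc_cockpit:order, \
  sos:products:joc_cockpit:job_chain, \
  sos:products:joc_cockpit:job, \
  sos:products:joc_cockpit:process_class, \
  sos:products:joc_cockpit:schedule, \
  sos:products:joc_cockpit:lock, \
  sos:products:joc_cockpit:event, \
  sos:products:joc_cockpit:event_action, \
  sos:products:joc_cockpit:holiday_calendar, \
  sos:products:joc_cockpit:maintenance_window:view
# root holds it_operator, incident_manager and business_user, each of which is
# sos:products here, so root effectively has every permission regardless of
# the narrower application_manager list above.
it_operator = sos:products
incident_manager = sos:products
business_user = sos:products
api_user = sos:products

[main]
# Session timeout in milliseconds (60000 ms = 1 minute).
securityManager.sessionManager.globalSessionTimeout = 60000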