Introduction
The JOC Cockpit comes with a graphical editor for Managing Authentication and Authorization Accounts - the Account Manager.
FEATURE AVAILABILITY STARTING FROM RELEASE 1.11.2
Authentication can either take place against an Apache ShiroTM compliant configuration file, an LDAP compliant directory service or information stored in a database. The Authentication and Authorization - Configuration article describes the configuration of the Shiro configuration file in detail - this article describes how the Account Manager is used to edit the Shiro configuration file to create Users and Roles and allocate Permissions.
Permissions
The following permissions grant access to the Manage Accounts section of the JOC Cockpit:
sos:products:joc_cockpit:jobscheduler_master:administration:edit_permissions sos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instances
In the default configuration delivered with the JOC Cockpit archive these permissions are allocated to the administrator and root roles.
Using the Accounts Manager
The Manage Accounts section of the JOC Cockpit is accessed via the Profile Menu as shown in the screenshot below.
The Account Manager has three main Views:
- Accounts: for the configuration of User Accounts
- Masters: for configuring the JobScheduler Masters that can be accessed by a Role
- Permissions: for configuring access to Folders and the Permissions for a Role
These views will be described in the following sections.
The Accounts View
The Accounts View is the view that is opened first when a User selects Manage Accounts.
The above screenshot shows the default root account which is active after installation of the JOC Cockpit and a number of custom Accounts, each configured with a single Role.
The Account Edit function allows the account name to be modified and Roles to be added as shown in the next screenshot.
The Masters View
The Masters allows Roles to be configured and, if required, made specific to one or more particular JobScheduler Masters.
The above screen shows the default roles that are applicable for all JobScheduler Masters as they are delivered in the JOC Cockpit installation archive. In addition, the following configurations have been added:
- A role jocc_test had been added with potential access to all JobScheduler Masters.
- Two JobSchedulers Masters have been specified and roles specific to these JobSchedulers configured:
- An api_test Role has been created whose permissions are restricted to the JobScheduler Master with ID jobscheduler_1.11.
- The default application_manager Role has been configured prior to being given or losing permissions specifically for the jobscheduler_1.11_cluster.
- Note that if no such permissions are specified for this relationship then this configuration will be removed when the current user leaves the Managing Accounts view.
The Permissions View
The Permissions view is accessed by clicking on a Role in the Master view as indicated in the screenshot above.
The Permissions view allows Permissions and Folders to be specified for individual Roles:
- either restricting the Role to accessing specific Folders within the
livefolder of the JobScheduler Master.- Note that the default setting is that a Role is allowed access to all Folders - however, after a first folder is specified, the Role will only be able to access that one Folder.
- granting or removing Permissions for the Role.
- Note that the default Permissions are none and that permissions can be granted and removed.
In the screenshot above the application_manager Role:
- is only allowed to access the test Folder and all its child folders on the jobscheduler_1.11_cluster.
- has been given the sos:products:joc_cockpit:jobscheduler_master:view permission for the jobscheduler_1.11_cluster - this is a higher permission than the default sos:products:joc_cockpit:jobscheduler_master:view permission and allows not just the default status but also parameters and the main log for this JobScheduler Master to be viewed.