Privileges

Privileges are used to control access to specific resources, for example administrative commands.

Privileges are granted to roles. Each role defines a set of privileges associated with a specific resource. The only valid privilege for administration commands is AdminRunCommand. The AdminRunCommand privilege indicates that the command specified as a resource can be executed by the associated role. Administrative command resource names are specified as <target>.<command>. Other resource types support different privileges and resource naming conventions.

Roles and their associated privileges are defined using configuration. For example, the following configuration file allows the administrator role to run the start mytarget and stop mytarget administrative commands, and the monitor role to run the display mytarget command.

name = "my-target-role-mappings"
version = "1.0.0"
type = "com.tibco.ep.dtm.configuration.security"
configuration =
{
    RoleToPrivilegeMappings =
    {
        privileges =
        {
            administrator =
            [
                {
                    resource = "mytarget.start"
                    privilege = "AdminRunCommand"
                },
                {
                    resource = "mytarget.stop"
                    privilege = "AdminRunCommand"
                }
            ]
            monitor =
            [
                {
                    resource = "mytarget.display"
                    privilege = "AdminRunCommand"
                }
            ]
        }
    }
}

Once the above configuration is activated, the security service enforces that only principals assigned the administrator role can run the start mytarget and stop mytarget commands, and that only principals assigned the monitor role can run the display mytarget command.

Warning: Failing to grant any privilege on an administration command prevents that command from being run by any principal.
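To make the enforcement rule concrete, here is an added Python example (not TIBCO's code) that reads a compact copy of the mapping above with a minimal parser for the subset of the configuration syntax shown on this page and decides whether a principal's roles permit a command; the mapping from an epadmin-style command such as start mytarget to the resource name mytarget.start is assumed from the <target>.<command> convention stated above.

```python
import re
# Constructed sample: the page's role-to-privilege mapping, written compactly.
SAMPLE_CONFIG = '''
name = "my-target-role-mappings"
version = "1.0.0"
type = "com.tibco.ep.dtm.configuration.security"
configuration = { RoleToPrivilegeMappings = { privileges = {
    administrator = [ { resource = "mytarget.start" privilege = "AdminRunCommand" },
                      { resource = "mytarget.stop"  privilege = "AdminRunCommand" } ]
    monitor = [ { resource = "mytarget.display" privilege = "AdminRunCommand" } ]
} } }
'''
# Tokens: quoted strings, structural characters, bare words; commas are skipped as separators.
_TOKEN = re.compile(r'"([^"]*)"|([{}\[\]=])|([A-Za-z0-9_.\-]+)')

def _parse_value(tokens, i):
    # Parse the value at tokens[i]; return (value, index of the next unread token).
    if tokens[i] == '{':
        obj, i = {}, i + 1
        while tokens[i] != '}':
            if tokens[i + 1] != '=':
                raise ValueError(f"expected '=' after {tokens[i]!r}")
            obj[tokens[i]], i = _parse_value(tokens, i + 2)
        return obj, i + 1
    if tokens[i] == '[':
        arr, i = [], i + 1
        while tokens[i] != ']':
            val, i = _parse_value(tokens, i)
            arr.append(val)
        return arr, i + 1
    return tokens[i], i + 1  # scalar: quoted string or bare word

def parse_config(text):
    # The file body is a sequence of top-level 'key = value' pairs, so parse it as an unbraced object.
    tokens = [m.group(1) if m.group(1) is not None else (m.group(2) or m.group(3))
              for m in _TOKEN.finditer(text)]
    return _parse_value(['{'] + tokens + ['}'], 0)[0]

def resource_for_command(command):
    # Assumed mapping: "start mytarget" -> "mytarget.start" (the page's <target>.<command> convention).
    cmd, target = command.split()
    return f"{target}.{cmd}"

def allowed(config, principal_roles, command):
    # Permit only when one of the principal's roles holds AdminRunCommand on the command's resource.
    # A command with no grant in any role is denied to everyone, which is the case the warning describes.
    privileges = config["configuration"]["RoleToPrivilegeMappings"]["privileges"]
    resource = resource_for_command(command)
    return any(g["resource"] == resource and g["privilege"] == "AdminRunCommand"
               for role in principal_roles for g in privileges.get(role, []))

CONFIG = parse_config(SAMPLE_CONFIG)
```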

Roles

The security service supports a set of predefined roles that are used to grant privileges to principals.

The predefined roles are:

  • administrator - allows modification of the operational state of a node. This includes control of a node's lifecycle, e.g. installation, starting, stopping, and removal.

  • monitor - allows monitoring of the operational state of a node.

Each of these roles is described in more detail below.

administrator

The administrator role assigns administrative privileges to principals. The administrator role is automatically granted to the user who installed the node. That user always has full administrative control of the node when logged in on the same host. All operations which modify the operational behavior of a node may only be executed by principals which have administrator role privileges. Operational control of a node occurs via epadmin and JMX. This role should be granted to principals that are permitted to perform operations that modify the node state.

monitor

The monitor role assigns system monitoring privileges to principals. This role is granted execute permission to all display-type administrative operations. Consequently, this role should be granted to principals who can monitor node status. Such principals will be able to display the state of a node, but will be unable to execute administrative operations which change the operational state of the node.