Introduction
- JS7 offers role-based access management for access to the JS7 - Browser User Interface and the JS7 - REST Web Service API.
- Operations on objects, such as starting a workflow, suspending orders or viewing logs, are assigned permissions from JS7 - Default Roles and Permissions, and these permissions can be freely grouped into roles. A user account can be assigned any number of roles.
- Authorization is performed by a set of JS7 - Identity Services that assign roles to user accounts.
Permissions
JS7 - Default Roles and Permissions are assigned at the following levels:
- JOC Cockpit permissions include any operations in the GUI or by the underlying REST Web Service.
  - The same permissions apply to a user account with any connected JOC Cockpit cluster instance.
- Controller permissions include deploying objects such as workflows to a Controller and removing them.
  - Permissions are handled per Controller.
  - A JOC Cockpit instance can be connected to a number of Controllers, e.g. for production use and for non-production use. User accounts can be assigned different permission sets for Controllers.
- Folder permissions apply any of the above permissions to objects such as workflows within the scope of a folder hierarchy.
  - A user account can be assigned permissions from a role to view and to manage objects on a per-folder basis.
  - This allows management of different user groups, e.g. working for different departments or mandators, with all groups using the same JOC Cockpit instance but without seeing each other's scheduling objects.
Management of Roles and User Accounts
JS7 - Management of User Accounts, Roles and Permissions includes setting up and maintaining the respective configuration items:
- Roles are managed using the JOC Cockpit as they are assigned a set of permissions that are specific to JS7.
- User accounts are managed with the relevant JS7 - Identity Services.
- The assignment of roles to users can be managed using the JOC Cockpit. If the relevant Identity Service offers such capabilities, then the assignment can be managed directly from the Identity Provider. For example, membership in LDAP Security Groups can be mapped directly to JS7 roles.
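
The three permission levels and the mapping of LDAP Security Groups to roles described above can be modelled as follows. This is an added illustration, not JS7 code or configuration: the role, permission, Controller and LDAP group names are hypothetical, and the model assumes that a folder permission covers the folder and everything below it.

```python
import posixpath
from dataclasses import dataclass, field
from pathlib import PurePosixPath

@dataclass
class Role:
    name: str
    joc: set = field(default_factory=set)           # JOC Cockpit level permissions
    controller: dict = field(default_factory=dict)  # Controller ID -> permissions
    folders: tuple = ()                             # folder roots the role covers

# Constructed sample data; all names below are hypothetical, not JS7 identifiers.
ROLES = {
    "dept_a_operator": Role(
        "dept_a_operator", joc={"log:view"},
        controller={"prod": {"order:suspend"},
                    "test": {"order:suspend", "workflow:deploy"}},
        folders=("/dept_a",)),
    "dept_b_viewer": Role("dept_b_viewer", joc={"log:view"}, folders=("/dept_b",)),
}
GROUP_TO_ROLES = {
    "CN=js7-dept-a,OU=Groups,DC=example,DC=com": ["dept_a_operator"],
    "CN=js7-dept-b,OU=Groups,DC=example,DC=com": ["dept_b_viewer"],
}

def roles_for(groups):
    """Map LDAP group DNs to roles; unmapped groups grant nothing."""
    names = {r for g in groups for r in GROUP_TO_ROLES.get(g, [])}
    return [ROLES[n] for n in sorted(names)]

def in_folder(path, root):
    """True if path is root or below it, compared per path segment."""
    p = PurePosixPath(posixpath.normpath(path))  # collapse ".." before comparing
    r = PurePosixPath(root)
    return p == r or r in p.parents

def is_allowed(groups, permission, path, controller=None):
    """Grant only if one role holds the permission and covers the folder."""
    for role in roles_for(groups):
        granted = role.joc if controller is None else role.controller.get(controller, set())
        if permission in granted and any(in_folder(path, f) for f in role.folders):
            return True
    return False
```

Comparing whole path segments after normalization keeps a role scoped to `/dept_a` from matching `/dept_ab` or `/dept_a/../dept_b`, which is what separates the user groups sharing one instance in this model.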
Further Resources