Page History

...

• Shiro Authentication:
  • Using a mapping of roles to permissions stored in the local shiro.ini configuration file.
• LDAP Authentication:
  • Using a configurable LDAP query that checks determines membership of the user with a number of an Active Directory groups. An LDAP query is configured for each role and in case of a positive match for group membership the user is assigned a relevant rolegroup. The Active Directory group is the mapped onto one or more Shiro roles. This role is then mapped onto a set of permissions using information stored in the local shiro.ini configuration file.
• Database Authentication:
  • Using a Hibernate query to check the user's role(s) against a table of roles and permissions stored in the same database as used for authentication.

...

• System administrators can modify the shiro.ini configuration file by:
  • add adding additional roles of their own to the mapping and
  • change changing the permissions assigned to roles.
• System administrators wishing It is also possible for system administrators to use database authorization can copy this mapping into database tablesinstead of Shiro authorization. However this involves administrators writing their own SQL Insert statements. We have neither a GUI for this nor is batch support provided.
• Configuration of the shiro.ini file is described in detail in the Authentication and Authorization - Configuration article.

...

This view is read-only for all users - changes can only be made by a system administrator modifying the authentication and authorization configuration Authentication and Authorization - Configuration.

References

• For detailed information how to configure permissions see the Authentication and Authorization - Configuration article.
• For a complete list of permissions see the Authentication and Authorization - Permissions for the JOC Cockpit article.

...