Comment: 'Architecture' updated for folder permissions

...

The JobScheduler architecture, which allows individual JobScheduler Masters and/or Agents to be used for individual clients, also allows extremely flexible authorization (the allocation of user permissions determining what a user is allowed to do) to be granted according to duties or roles. Users are allocated roles which, in turn, contain a set of permissions specifying the operations that can be carried out within the role and the objects on which these operations can be carried out. For example, one role may be allowed to view the status of Jobs and Orders, while another role may be allowed to change their state and modify their run times. In addition, role permissions can be restricted to specific folders within a JobScheduler Master configuration. This approach may be contrasted with other systems that allocate rights and permissions purely according to resources such as files or folders.

...

  • It simplifies their administration in complex environments. Whilst the administration of the permissions of several hundred folders in a multi-client system is manageable, the administration of several thousand brings an extremely high administrative overhead and error susceptibility.
  • Role-based rights and permissions allow the rights and permissions for individual clients to be managed separately.
  • The clear separation of rights and permissions also simplifies meeting compliance requirements.

...

  • Shiro Authentication:
    • Intended for development and use where security is of relatively low importance.
    • User passwords are saved in plain text in the shiro.ini file, which is unencrypted.
  • LDAP Authentication:
    • Intended for use in production environments where LDAP is already in use.
    • The shiro.ini file contains information specifying the LDAP service.
  • Database Authentication:
    • Intended for use in production environments.
    • The shiro.ini file contains information specifying the database authentication service.
    • Authentication information is entered manually in the database by a system administrator.

...

  • System administrators can modify the shiro.ini configuration file by:
    • adding additional roles of their own to the mapping and
    • changing the permissions assigned to roles.
  • It is also possible for system administrators to use a database instead of Shiro authorization. However, this involves administrators writing their own SQL Insert statements. Neither a GUI nor batch support is provided for this.
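The following audit sketch is an added example, not part of the JobScheduler documentation or product. It reads a file in Apache Shiro's INI syntax and reports the two things the authentication and authorization notes above make worth reviewing: users whose password field is clear text and roles granted wildcard permissions. It assumes hashed entries use Shiro's `$shiroN$` crypt format; all user names, role names and permission strings in the sample are constructed.

```python
import re

# Constructed sample in Apache Shiro INI syntax; user names, role names and
# permission strings are illustrative, not taken from a JobScheduler install.
SAMPLE_INI = """\
[users]
root = secret, all
alice = $shiro1$SHA-512$500000$c2FsdA==$aGFzaA==, viewer
[roles]
all = *
viewer = app:job:view:status, app:order:view:status
"""

def parse_sections(text):
    """Return {section: {key: value}} for a Shiro-style INI text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return a sorted list of (finding, name) tuples."""
    cfg = parse_sections(text)
    findings = []
    for user, value in cfg.get("users", {}).items():
        # [users] entries have the form: name = password, role1, role2
        password = value.split(",", 1)[0].strip()
        # Assumption: hashed passwords use Shiro's "$shiroN$" crypt format;
        # anything else in this field is treated as a clear-text password.
        if not re.match(r"\$shiro\d+\$", password):
            findings.append(("plaintext-password", user))
    for role, value in cfg.get("roles", {}).items():
        # [roles] entries have the form: name = permission1, permission2
        perms = [p.strip() for p in value.split(",")]
        if any(p == "*" or p.endswith(":*") for p in perms):
            findings.append(("wildcard-permission", role))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in audit(SAMPLE_INI):
        print(f"{kind}: {name}")
```
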

Viewing a User Profile and its Roles

A user can check the permissions they are currently allocated in the JOC Cockpit. This is done in the User Profile view, which is opened via the User Menu in the top right of the JOC Cockpit window. The following screenshot shows the User Details and Roles information for a user SOS:

...