...
- Accounts: for the configuration of User Accounts. Accounts configured here use shiro name / password Authentication.
- Note that while Shiro authentication is not as secure as, for example, LDAP, it provides a convenient basis for configuring a authorization in a test environment.
- See the JOC Cockpit - Authentication and Authorization article for more information about shiro and other methods of authentication that can be used with the JOC Cockpit.
- Masters: for configuring the JobScheduler Masters that can be accessed by a Role
- Permissions: for configuring access to Folders and the Permissions for a Role
These views will be described in the following sections.
Note that changes made using the Manage Accounts view are implemented immediately in the JOC Cockpit - it is not necessary to carry out a restart of the Cockpit as it is when changes are made directly in the shiro.ini file.
The Accounts View
The Accounts view is the view that is opened first when a User selects the Manage Accounts view.
The above screenshot shows the default root account User Account view which is active after installation of the JOC Cockpit.
The Create Account button is used to open a modal window to add a new User Account - clicking on the additional option (ellipsis) symbol or the Account name brings the user to the Master view (described below) where the Account name, password and roles allocated can be edited.
The Masters View
The main purpose of the Masters view is to allow Master JobSchedulers Roles to be configured.
...
Individual scope of Permissions can be edited and they can be removed from the Role using the pencil and X symbols that are blended in when the user's mouse is moved over a permission.
The Folder part of the view is for restricting the Role to accessing particular Folders - and thereby particular Jobs, Job Chains, etc - within a JobScheduler Master's live folder and will be described later.
Editing Permissions will also be described later.
Basic Configuration
Adding
...
User Accounts and Roles
The following example describes the addition of User Accounts to the JOC Cockpit in addition to the default root user account. Each User Account will be allocated one of the default Roles described in the Masters View section above and for simplicity will use the same name as the Role they will be given.
To add an administrator User Account:
- Go to the Accounts view and click on the Create Account button at the top right.
- This will open the following Modal window:
- Passwords will be saved in a configuration file in plain text.
- Selecting the administrator Role from the list will avoid possible errors from a mistyped role name.
- It will be clear form the functioning of the Roles Selection that any number of Roles can be specified for a User Account if required
- Click the Submit Button to save the Account configuration, which will become active in a few seconds.
Once a User Account has been created for each role, the Accounts view would look like:
Show If | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
The above screen shows seven default roles that are delivered with the JOC Cockpit are applicable for all JobScheduler Masters as they are delivered in the JOC Cockpit installation archive. In addition, the following configurations have been added:
The Permissions ViewThe Permissions view is accessed by clicking on a Role in the Master view as indicated in the screenshot above. The Permissions view allows Permissions and Folders to be specified for individual Roles:
In the screenshot above the application_manager Role:
The above Permissions add the following code to the
|
...