...
A JobScheduler Master can be used to provide job scheduling services for a number of mandators / clients and ensure that Users such as operators or support staff associated with one mandator do not have access to scheduling activities or configuration information of for another mandator. This is achieved with by configuring a combination of Roles and Folder Permissions.
...
- The JobScheduler's
live
Folder is structured as follows:live
mandator_a_folder
(for all Jobs, Orders, etc. for this client)mandator_b_folder
(for all Jobs, Orders, etc. for this client)sos
(the default folder for housekeeping Housekeeping and other Jobs, Orders, etc.)
- Incident management for each mandator is carried out by separate User with the default incident_manager Role and a Role with Folder Permissions restricting them to the respective mandator Folder- i.e.
mandator_a_im_user
(Incident Manager User for mandator A)- incident_manager (common default Role)
- mandator_a_role (mandator-specific Role)
mandator_a_folder
(Folder Permission)
mandator_b_im_user
(Incident Manager User for mandator B)- incident_manager (common default Role)
- mandator_b_role (mandator-specific Role)
mandator_b_folder
(Folder Permission)
...
See the Folders Section (above) for instructions about configuring Folder Permissions.
Example Files
A working example of the above use case can be downloaded from this link:
When unpacked three archive elements will shown:
- two folders:
mandator_a_folder
andmandator_b_folder
. - a
shiro.ini
configuration file.
Copy the two folders with all their contents to your JobScheduler's live
folder. It is not necessary to delete any of the existing folders.
Make a backup of the current shiro.ini
file in the /joc/resources/joc folder
and then overwrite the current shiro.ini
file from the version from the download archive. See the Installation Instructions for the JobScheduler and JOC Cockpit for information about the default location of these folders.
Each of the mandator folders contains a hello_world
sub-folder with job chains and orders that are scheduled to run once an hour.
The shiro.ini
file contains a configuration based on the shiro.ini
file delivered with the JOC Cockpit installation with the following roles active:
User | Role | Password |
---|---|---|
root | all | root |
administrator | administrator | secret |
api_user | api_user | secret |
application_manager | application_manager | secret |
business_user | business_user | secret |
incident_manager | incident_manager | secret |
it_operator | it_operator | secret |
In addition the following mandator-specific Users and Roles have been configured:
User | Roles | Password |
---|---|---|
mandator_a_bu_user | mandator_a_role business_user | secret |
mandator_a_im_user | mandator_a_role incident_manager | secret |
mandator_a_ito_user | mandator_a_role it_operator | secret |
mandator_b_bu_user | mandator_b_role business_user | secret |
mandator_b_im_user | mandator_b_role incident_manager | secret |
mandator_b_ito_user | mandator_b_role it_operator | secret |
Explanation
Holders of the three mandator_a_* user accounts are only able to access the Jobs, Orders, Schedules, etc in the respective mandator_*_folder
. and their sub-folders. In addition, access to Run Plan, History, Audit Log and log file information is only available to user accounts with the correct Permissions,
Note that the user accounts with the it_operator Role are the only ones configured in this example that have the necessary Permissions to start Orders.