Roles with Folder Permissions are often configured for Users in combination with default Roles. For example, if the demo_user described here was allocated the it_operator Role in addition to the demo_role, they would be able to carry out the tasks allowed by the default IT Operator Permissions but only for JobScheduler Objects in the demo folder and, if configured, its child Folders. See the Use Case below for an example configuration.

Use Cases

Multi-Mandator Scheduling

A JobScheduler Master can be used to provide job scheduling services for a number of mandators / clients and ensure that Users such as operators or support staff associated with one mandator do not have access to scheduling activities or configuration information for another mandator. This is achieved by configuring a combination of Roles and Folder Permissions.  

Consider a JobScheduler Master carrying out scheduler activities for two clients, mandator A and mandator B:

  • The JobScheduler's live Folder is structured as follows:
    • live
      • mandator_a_folder (for all Jobs, Orders, etc. for this client)
      • mandator_b_folder (for all Jobs, Orders, etc. for this client)
      • sos (the default folder for Housekeeping and other Jobs, Orders, etc.)
  • Incident management for each mandator is carried out by a separate User with the default incident_manager Role and a Role with Folder Permissions restricting them to the respective mandator Folder, i.e.
    • mandator_a_im_user (Incident Manager User for mandator A)
      • incident_manager (common default Role)
      • mandator_a_role (mandator-specific Role)
        • mandator_a_folder (Folder Permission)
    • mandator_b_im_user (Incident Manager User for mandator B)
      • incident_manager (common default Role)
      • mandator_b_role (mandator-specific Role)
        • mandator_b_folder (Folder Permission)

The above configuration means that the incident manager Users for mandator A and mandator B will only be able to see the Jobs, Orders, log files, and other possibly confidential information for their respective mandator.

See the Folders Section (above) for instructions about configuring Folder Permissions.
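
An added example, not part of the original page or the JobScheduler distribution: a Python check that reads a shiro.ini-style file and reports mandator accounts that are not confined to a single mandator Folder. The sample file is constructed; the [folders] layout (role = folder path), the mandator_ account prefix and the reading that a User without any Folder Permission Role is unrestricted are assumptions to check against the Folders Section.

```python
import configparser

# Constructed sample in Apache Shiro INI form: [users] is "user = password, role, ...".
# The [folders] layout ("role = folder path") is an assumption made for this example.
SAMPLE_INI = """
[users]
root = root, all
it_operator = secret, it_operator
mandator_a_im_user = secret, mandator_a_role, incident_manager
mandator_b_im_user = secret, mandator_b_role, incident_manager
mandator_b_ito_user = secret, it_operator

[folders]
mandator_a_role = /mandator_a_folder/*
mandator_b_role = /mandator_b_folder/*
"""

def load(ini_text):
    """Parse the [users] and (assumed) [folders] sections into dictionaries."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep user and role names case-sensitive
    cp.read_string(ini_text)
    users = {}
    for name, value in cp["users"].items():
        password, *roles = [part.strip() for part in value.split(",")]
        users[name] = (password, roles)
    folders = {}
    if cp.has_section("folders"):
        folders = {r: [p.strip() for p in v.split(",")] for r, v in cp["folders"].items()}
    return users, folders

def folder_scope(ini_text):
    """Map each user to the folders their roles confine them to ([] = unrestricted)."""
    users, folders = load(ini_text)
    return {user: sorted({p for r in roles for p in folders.get(r, [])})
            for user, (_, roles) in users.items()}

def audit(ini_text, tenant_prefix="mandator_"):
    """Return (user, problem) pairs for tenant accounts that are unrestricted or span folders."""
    findings = []
    for user, scope in folder_scope(ini_text).items():
        if not user.startswith(tenant_prefix):
            continue  # default accounts such as root are out of scope here
        if not scope:
            findings.append((user, "no folder restriction"))
        elif len(scope) > 1:
            findings.append((user, "spans folders: " + ", ".join(scope)))
    return findings
```

Calling audit(SAMPLE_INI) flags mandator_b_ito_user, which in the constructed sample holds only the default it_operator Role and no mandator-specific Role.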

Example Files

Download the Example

A working example of the above use case can be downloaded from this link:

Install the Example

When the archive is unpacked three elements will be shown:

  • two folders:
    • mandator_a_folder and
    • mandator_b_folder and
  • a shiro.ini configuration file.

Copy the two folders with all their contents to your JobScheduler's live folder. It is not necessary to delete any of the existing folders.

Make a backup of the current shiro.ini file in the /joc/resources/joc folder and then overwrite the current shiro.ini file with the version from the download archive. See the Installation Instructions for the JobScheduler and JOC Cockpit for information about the default location of these folders.

Restart the Jetty server to implement the changes in the shiro.ini configuration.

Example Description

Each of the mandator folders contains a hello_world sub-folder with job chains and orders that are scheduled to run once an hour.

The shiro.ini file contains a configuration based on the shiro.ini file delivered with the JOC Cockpit installation with the following roles active:

| User | Role | Password |
| --- | --- | --- |
| root | all | root |
| administrator | administrator | secret |
| api_user | api_user | secret |
| application_manager | application_manager | secret |
| business_user | business_user | secret |
| incident_manager | incident_manager | secret |
| it_operator | it_operator | secret |

In addition the following mandator-specific Users and Roles have been configured:

| User | Roles | Password |
| --- | --- | --- |
| mandator_a_bu_user | mandator_a_role, business_user | secret |
| mandator_a_im_user | mandator_a_role, incident_manager | secret |
| mandator_a_ito_user | mandator_a_role, it_operator | secret |
| mandator_b_bu_user | mandator_b_role, business_user | secret |
| mandator_b_im_user | mandator_b_role, incident_manager | secret |
| mandator_b_ito_user | mandator_b_role, it_operator | secret |

Holders of the three mandator_a_* user accounts are only able to access the Jobs, Orders, Schedules, etc. in the relevant mandator_*_folder and its sub-folders. In addition, access to Run Plan, History, Audit Log and log file information is only available to user accounts with the correct Permissions.

Note that the user accounts with the it_operator Role are the only ones configured in this example that have the necessary Permissions to start Orders.