Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 46

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: 'Permissions view' updated

...

Excerpt

The JOC Cockpit comes with an editor for Managing Authentication and Authorization - the Manage Accounts view.

Display feature availability
StartingFromRelease1.11.2

Permissions Hierarchy

Permissions are configured hierarchically:

...

These views will be described in the following sections.

The Accounts

...

Tab

The Accounts view is the view that tab is opened first when a user selects the Manage Accounts view and lists all the User Accounts that have been configured along with the Roles they have been assigned.

...

The above screenshot shows the default root User Account which is the only Account that is configured after installation of the JOC Cockpit.

  • The Create Account button is used to open a window to add a new User Account

...

  • with name, password and Roles
  • The additional options (ellipsis) symbol

...

  • allows an Account to be edited (change the Account Name and/or Password, select/unselect Roles) and to be copied or deleted.
  • Clicking on the Account Name brings the user to the Masters

...

  • tab (described below) where the

...

  • Masters and Role(s) allocated for the User Account can be edited.

The Masters

...

Tab

The main purpose of the Masters view tab is to allow JobScheduler Master Masters and Roles to be configured. 

When the view tab is first opened after installation of the JOC Cockpit it will appear as shown in the next screenshot:

...

The above screen shows seven default roles Roles that are provided with the JOC Cockpit. These Roles are intended to help system administrators get a realistic authorization configuration working as quickly as possible and can be modified as required. These roles Roles shown in this tab under the heading default are valid for all JobScheduler Master instances in the environment.

Positioning the mouse over a role name blends in two links as shown in the screenshot above:

By default Roles are active for all Masters.

If the Masters tab is opened by clicking on an Account Name in the Accounts tab (mentioned above), the Masters Tab will show those Roles that have been assigned to that Account. The Account that is active is shown in the Account button, which can also be used to select and deselect the Account.

Positioning the mouse over a role name blends in two links as shown in the screenshot above:

  • the pencil link allows the role to be the pencil link allows the role to be edited and
  • the X link allows the role to be deleted.

A set of Permissions is configured for each Role. Each Permissions set can be inspected by clicking on the Role name in the Masters view list. An example Permissions set is described in the next section.

The Permissions

...

Tab

The main purpose of the Permissions view is to allow Permissions and Folders to be configured for each Role.The screenshot below shows

Folder Selection

Folders are added using the Add Folder button shown in the background of the screenshot below, at the top right.

Image Added

Folders themselves are selected from a simple tree view of the folders in the JobScheduler Master's live Folder. The tree view is opened by clocking on the folder symbol shown in the screenshot.

Permissions Configuration

Two editors are available for the configuration of the Permissions for a Role:

  • A graphical editor as shown in the next screenshot:
    Image Added
    • Changes to the Permissions tree are saved to the shiro.ini file in near real-time.
    • The Undo button stores the last 10 changes made.
    • The Reset button button stores the initial state when the Permissions Tab is opened.
    • The states saved in the Undo and Reset buttons are deleted when the Permissions tab is left.
    • Clicking on the middle of a Permission icon will grant the Permission for the current Role.
      • Granted Permissions have a blue background and are by default recursive.
    • The "+" and "-" symbols at the right of each Permission icon open and close child branches.
    • The "+" and "-" symbols at the left of each Permission icon are used to revoke a higher Permission and are by default recursive.
      • Permission icons affected by revoked Permissions are shown with a gray background 
        Status
        subtletrue
        colourGreen
        titleFeature available with Version 1.11.4


  • A list editor as shown in the next screenshot, which shows the default permissions for the administrator Role

...

  • :
    Image Added

  • Individual Permissions can be modified and removed from the Role using the pencil and X symbols that are blended in when the user's mouse is moved over a Permission:
  • The Edit function allows the the Permission to be made subtractive - i.e. for a permission granted at a higher level to be removed.

...

  • The Folder part of the view is for restricting the Role to accessing particular Folders - and thereby particular Jobs, Job Chains, etc - within a JobScheduler Master's live folder and will be described later.
  • Editing Permissions is  described below .

Initial Configuration

Creating User Accounts for Default Roles

...