...

  • which application manages user accounts/passwords:
    • a specific application of the Identity Service,
    • JOC Cockpit, which propagates user accounts/passwords to the Identity Service but does not store such credentials in its database.
  • where assignments of roles to user accounts are stored:
    • with the Identity Service,
    • with the JS7 database.

Column groups: Identity Service / Identity Service Configuration Items / JOC Cockpit Configuration

| Service ID | Built-in | User Accounts/Passwords stored with | User Accounts/Passwords managed by | Roles/Permissions stored with | Assignment Roles->User Accounts stored with | Roles Mapping |
|---|---|---|---|---|---|---|
| JOC | yes | Database | JOC | Database | Database | n/a |
| LDAP-JOC | yes | LDAP Server | LDAP | Database | Database | n/a |
| LDAP | yes | LDAP Server | LDAP | Database | LDAP Server | Mapping of LDAP Security Groups to JOC Cockpit Roles |
| Vault-JOC | no | Vault Server | Vault | Database | Database | n/a |
| Vault-JOC-ACTIVE | no | Vault Server | Vault, JOC | Database | Database | n/a |
| Vault | no | Vault Server | Vault | Database | Vault Server | Mapping of Vault Policies to JOC Cockpit Roles |
| Keycloak-JOC | no | Keycloak Server | Vault | Database | Database | n/a |
| Keycloak-JOC-ACTIVE | no | Keycloak Server | Keycloak, JOC | Database | Database | n/a |
| Keycloak | no | Keycloak Server | Keycloak | Database | Keycloak Server | Mapping of Keycloak Policies to JOC Cockpit Roles |
| Shiro (deprecated) | yes | shiro.ini | shiro.ini | shiro.ini | shiro.ini | n/a |

Manage Identity Services

The operation to manage Identity Services is available from the user menu in the upper right corner of any JOC Cockpit page:

...

The built-in Identity Service does not require any settings.

After installing JOC Cockpit, log in with the default root:root user name and password, which are provided by the Shiro Identity Service.
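As an added example (not part of the original page or of JS7), the following audits a shiro.ini file for the default root:root account mentioned above and for other plain-text passwords. It assumes Apache Shiro's INI layout ([users] entries of the form name = password, role, ...) and the $shiro1$ hash layout; the sample file, the operator account and the role names are constructed.

```python
import base64
import hashlib

# Constructed sample in Apache Shiro INI syntax: [users] holds "name = password, role, ...".
SAMPLE_INI = """\
[users]
root = root, all
operator = Long-Constructed-Passphrase-42, viewer
[roles]
all = *
"""

def shiro1_digest(alg: str, iterations: int, salt: bytes, password: str) -> bytes:
    """Salted, iterated digest as assumed here for Shiro's $shiro1$ format."""
    name = alg.replace("-", "").lower()            # "SHA-512" -> "sha512"
    digest = hashlib.new(name, salt + password.encode()).digest()
    for _ in range(iterations - 1):                # later rounds re-hash the digest only
        digest = hashlib.new(name, digest).digest()
    return digest

def shiro1_matches(stored: str, candidate: str) -> bool:
    """Compare a candidate with $shiro1$<alg>$<iterations>$<salt b64>$<digest b64>."""
    _, _, alg, iterations, salt_b64, digest_b64 = stored.split("$")
    salt = base64.b64decode(salt_b64)
    return shiro1_digest(alg, int(iterations), salt, candidate) == base64.b64decode(digest_b64)

def audit_users(ini_text: str, weak=("root",)):
    """Return (account, finding) pairs for risky entries in the [users] section."""
    findings, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):                   # section header such as [users]
            section = line.strip("[]").strip().lower()
        if section != "users" or "=" not in line or line[:1] in "#;[":
            continue                               # other sections, comments, headers
        account, _, value = line.partition("=")
        account, password = account.strip(), value.split(",")[0].strip()
        candidates = set(weak) | {account}         # also flag password == account name
        if password.startswith("$shiro1$"):
            if any(shiro1_matches(password, c) for c in candidates):
                findings.append((account, "hashed default or weak password"))
        else:
            reason = "default or weak" if password in candidates else "stored in plain text"
            findings.append((account, f"plain-text password ({reason})"))
    return findings

if __name__ == "__main__":
    for account, finding in audit_users(SAMPLE_INI):
        print(f"{account}: {finding}")
```

Any account the audit reports should be given a new password, or removed, before the instance is exposed to other users.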

The Manage Accounts section of the JOC Identity is then accessed via the Profile Menu as shown in the screenshot below. Select Identity Management Service.

[Screenshot]

The Identity Management Service window lists the available Identity Services that have already been created; you can also create a new Identity Service. From here you can select the Identity Service whose accounts you want to manage. Select JOC from the list.

[Screenshot]

The JOC Identity Service window has three main sections, which are managed via the following tabs:

[Screenshot]

  • Accounts: for the configuration of User Accounts. Accounts are configured in the database and accessed from there only.
  • Manage Roles: for configuring Roles and the Controller that can be accessed by a Role.
    • Permissions: a sub-view for configuring access to Folders and Role Permissions.
  • Profile: from this view a user can check the last login details.

These tabs will be described in the following sections.

The Accounts Tab

The Accounts tab is opened first when a user selects the Identity Service from the Identity Management Service window and lists all the User Accounts that have been configured along with the Roles they have been assigned.

[Screenshot]

The above screenshot shows the test User Account, which was created manually with a role. Currently, the JOC Identity Service does not contain any default accounts or roles.

  • The Create Account button is used to open a window to add a new User Account with name, password, and Roles.
  • The additional options (ellipsis) symbol allows an Account to be edited (change the Account Name and/or Password, select/deselect Roles) and to be copied or deleted.
  • Clicking on the Account Name brings the user to the Manage Roles tab (described below) where the Controllers and Role(s) allocated for the User Account can be edited.

The Manage Roles Tab

The main purpose of the Manage Roles tab is to configure Controller Roles and any Controllers to which these Roles will be restricted.

When the tab is first opened after installation of JOC Cockpit it is blank, as no roles are created by default. The screenshot below shows a manually created test-role.

[Screenshot]

The default heading in the screenshot denotes that the roles under this heading are active for all Masters - the default setting.

If the Masters tab is opened by clicking on an Account Name in the Accounts tab (described in the previous section), the Masters Tab will show those Roles that have been assigned to that Account. The Account that is active is shown in the Account button, which can also be used to select and deselect Accounts.

Positioning the mouse over a role name reveals two links, as shown in the screenshot above:

  • the pencil link allows the role to be edited and
  • the X link allows the role to be deleted.

A set of Permissions is configured for each of these default Roles. Each Permissions set can be inspected by clicking on the Role name in the Masters view list, which will open the Permissions tab for the Role in question. An example Permissions set is described in the next section. A matrix showing the default Roles and their Permissions along with a description of the Permission is provided in the Authentication and Authorization - Permissions for the JOC Cockpit Web Service article.

Shiro Identity Service Settings

...