JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 4

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction


Operations

Manage Permissions specific for a Controller

By default User Accounts are granted permissions for all Controllers in a scheduling environment. Permissions that are applicable to a particular Controller only can be added to a role. This can be achieved in the Manage Roles sub-view of the Identity Management Service.

Image Added

In the screenshot, the demo_role role has been assigned for the Controller with ID controller2.2.0. and will appear in the list of roles as follows.

Image Added

In this configuration, the demo_role role does not yet have any permissions specific to the Controller ID controller2.2.0. At least one permission needs to be added before the controller2.2.0 - demo_role configuration will be stored persistently.

The interaction of default Controller permissions and Controller specific permissions within the same role is illustrated as follows.

  • default permissions:
    • sos:products:controller:view
  • Controller-specific permissions:
    • sos:products:controller:agents:view

The Dashboard view for all Controllers will display the status of the current Controller but the status of Agent Clusters will only be displayed for the specified Controller - in this case for Controller ID controller2.2.0

Manage Folder Permissions

Folders are used to restrict access to objects such as workflows and schedules. For example, user accounts can be limited to access objects for particular mandators / clients only.

By default permissions are granted for all folders. However, roles can limit access to specific folders.

This is achieved by adding a folder permission, i.e. a set of permissions to view the content of a specific folder only. With a folder permission being in place the permission to access other folders is automatically revoked. If folder permissions should be used for a number of folders then each folder permission has to be specified individually.

Granting Folder Permissions

Folder permissions are granted from the Permissions sub-view. Note that before folder permissions can be assigned a role, the role has to be specified for a user account. In the below example, a test user account and demo_role role have been configured and the demo folder has been created in the inventory.

To open the Permissions sub-view for a specific role, first open the Manage Identity Services page for the respective Identity Service, switch to the Roles sub-view and select the role that should be assigned folder permissions. For assignment click the name of the role in the list of roles.

Click the Add Folders button and in the popup window select a root level folder or a sub-folder such as /demo/*. or demo/.

Image Added

Check the Recursive checkbox in the Add Folder popup window if recursive access to sub-folders is required and click the Submit button.

Any user account that is assigned the demo_role will be able to access scheduling objects in the demo folder only.

Note that the test user account will be able to log in to the JOC Cockpit without being assigned a role, however, no menu items and no functionality is offered from the GUI. A minimum permission is required e.g. by a role that grants the following permission:

  • sos:products:controller:view