This article only applies for the Classic JOC interface
The Classic JOC user interface is entering retirement:
FEATURE AVAILABILITY ENDING WITH RELEASE 1.11
The JOC Cockpit user interface is replacing the Classic JOC interface:
FEATURE AVAILABILITY STARTING FROM RELEASE 1.11
See the Authentication and Authorization - Configuration Article for Information about configuring the JOC Cockpit for operation with an LDAP authentication server.
The JobScheduler knows different permissions for xml commands. These permissions can be configured differently for each IP address in the security element of the ./config/scheduler.xml file:
<security ignore_unknown_hosts="yes"> <allowed_host host="localhost" level="all"/> <allowed_host host="[scheduler_host]" level="all"/> <allowed_host host="123.123.123.123" level="info"/> </security>
where [scheduler_host] is the hostname or IP of that machine where the JobScheduler is installed.
If you call JOC from [scheduler_host] with http://[scheduler_host]:4444
then you have full access.
If you call JOC from 123.123.123.123 with http://[scheduler_host]:4444
then your permissions are restricted.
But these are only IP level rights.
Currently the JobScheduler doesn't know user level permissions.
If you want user level permissions, then you can follow the instructions set out in How to operate JOC with an Apache Proxy.
If you use two user groups (admin, operator) which have different permission sets then see the article How to configure JOC for HTTP authentication for the configuration for different machines.
Furthermore configure the ./config/scheduler.xml file like this:
<security ignore_unknown_hosts="yes"> <allowed_host host="localhost" level="all"/> <allowed_host host="[scheduler_host]" level="all"/> <allowed_host host="[hostname of apache for admin]" level="all"/> <allowed_host host="[hostname of apache for operator]" level="info"/> </security>