Apama 10.15.0 | Building and Using Apama Dashboards | Dashboard Deployment | Administering Dashboard Security | Administering authorization
 
Administering authorization
 
Users and roles
Predefined roles
Default DataView access control
Customizing DataView access control
Providing a Scenario Authority
Sample Custom Scenario Authority
Send event authorization
Providing a login module that supports an Event Authority
Apama's dashboard authorization facility includes access control that gives you the ability to restrict who can use a given web-based dashboard.
The example above configures the Dashboard Viewer to use LdapLoginModule.
Following are the supported environment settings:
*ProviderURL (required): Specifies the LDAP server and port, which are used to set the java.naming.factory.initial property.
*Authentication (required): Specifies the authentication mechanism to use. Specify none, simple, or sasl_mech. This value is used to set the java.naming.security.authentication property;
*Anonymous (optional; defaults to true): Specifies whether the userPrincipal and userCredential should be used when creating the LdapContext.
*DN (required): Specifies the user principal to be used when accessing the directory. This value is used (after patching with the user name) to set the java.naming.security.principal property. The user entered password is used in java.naming.security.credentials.
In the example above, DN is set to the following:
uid=%,ou=City,ou=Region,ou=People,o=ACME Corporation.
The % character is replaced by the login name entered by user.
*TLS (required): This specifies whether the LDAP server should start the Transport Security Layer extension. Supply true to specify that it should be started; supply false to specify that it should not be started.
*Extra (optional): Allows you to specify any extra parameters for setting the environment before creating the LdapContext. The function of these extra parameters is specific to your LDAP server, not the LdapLoginModule. Supply a semicolon-separated list of name/value pairs, where each pair has the following form
name=value
Consider for example the following:
Extra=java.naming.referral=ignore;java.naming.security.protocol=ssl
This sets java.naming.referral to ignore and java.naming.security.protocol to ssl.
The facility also gives you the ability to control who can use dashboards for each of the following types of DataView access:
*Viewing a given DataView instance
*Editing a given DataView instance
*Deleting a given DataView instance
*Creating an instance of a given DataView
In addition, you can control who can use dashboards for view access to DataView items. See Default DataView access control.
You can also control who can send events from dashboards using the Send Event command. See Send event authorization
For web deployments, some aspects of authorization (in particular, dashboard access control) are centered around the concepts of users and roles, which are introduced in Users and roles.