Deploying and Managing Apama Applications > Administering Dashboard Security > Administering authorization
Administering authorization
Apama’s dashboard authorization facility includes access control that gives you the ability to restrict who can use a given Web-based dashboard—see Dashboard access control.
The example above configures the Dashboard Viewer to use LdapLoginModule.
Following are the supported environment settings:
*ProviderURL (required): Specifies the LDAP server and port, which are used to set the java.naming.factory.initial property.
*Authentication (required): Specifies the authentication mechanism to use. Specify none, simple, or sasl_mech. This value is used to set the java.naming.security.authentication property;
*Anonymous (optional; defaults to true): Specifies whether the userPrincipal and userCredential should be used when creating the LdapContext.
*DN (required): Specifies the user principal to be used when accessing the directory. This value is used (after patching with the user name) to set the java.naming.security.principal property. The user entered password is used in java.naming.security.credentials.
In the example above, DN is set to the following:
uid=%,ou=City,ou=Region,ou=People,o=ACME Corporation.
The % character is replaced by the login name entered by user.
*TLS (required): This specifies whether the LDAP server should start the Transport Security Layer extension. Supply true to specify that it should be started; supply false to specify that it should not be started.
*Extra (optional): Allows you to specify any extra parameters for setting the environment before creating the LdapContext. The function of these extra parameters is specific to your LDAP server, not the LdapLoginModule. Supply a semicolon-separated list of name/value pairs, where each pair has the form
name=value
Consider for example the following:
Extra=java.naming.referral=ignore;java.naming.security.protocol=ssl
This sets java.naming.referral to ignore and java.naming.security.protocol to ssl.
The facility also gives you the ability to control who can use dashboards for each of the following types of Scenario access:
*Viewing a given Scenario instance
*Editing a given Scenario instance
*Deleting a given Scenario instance
*Creating an instance of a given Scenario
In addition, you can control who can use dashboards for view access to DataView items. See Default Scenario and DataView access control and Customizing Scenario and DataView access control.
You can also control who can send events from dashboards using the Send Event command. See Send event authorization
For Web deployments, some aspects of authorization (in particular, dashboard access control) are centered around the concepts of users and roles, as defined in the J2EE specification. Users and roles are introduced in Users and roles.
Copyright © 2013 Software AG, Darmstadt, Germany and/or Software AG USA Inc., Reston, VA, USA, and/or Terracotta Inc., San Francisco, CA, USA, and/or Software AG (Canada) Inc., Cambridge, Ontario, Canada, and/or, Software AG (UK) Ltd., Derby, United Kingdom, and/or Software A.G. (Israel) Ltd., Or-Yehuda, Israel and/or their licensors.