Administering authorization
Apama’s dashboard authorization facility includes access control that gives you the ability to restrict who can use a given Web-based dashboard—see
Dashboard access control.
The example above configures the Dashboard Viewer to use LdapLoginModule.
Following are the supported environment settings:
ProviderURL (required): Specifies the LDAP server and port, which are used to set the
java.naming.factory.initial property.
Authentication (required): Specifies the authentication mechanism to use. Specify
none,
simple, or
sasl_mech. This value is used to set the
java.naming.security.authentication property;
Anonymous (optional; defaults to true): Specifies whether the
userPrincipal and
userCredential should be used when creating the
LdapContext.
DN (required): Specifies the user principal to be used when accessing the directory. This value is used (after patching with the user name) to set the
java.naming.security.principal property. The user entered password is used in
java.naming.security.credentials.
In the example above, DN is set to the following:
uid=%,ou=City,ou=Region,ou=People,o=ACME Corporation.
The % character is replaced by the login name entered by user.
TLS (required): This specifies whether the LDAP server should start the Transport Security Layer extension. Supply
true to specify that it should be started; supply
false to specify that it should not be started.
Extra (optional): Allows you to specify any extra parameters for setting the environment before creating the
LdapContext. The function of these extra parameters is specific to your LDAP server, not the
LdapLoginModule. Supply a semicolon-separated list of name/value pairs, where each pair has the form
name=value
Consider for example the following:
Extra=java.naming.referral=ignore;java.naming.security.protocol=ssl
This sets java.naming.referral to ignore and java.naming.security.protocol to ssl.
The facility also gives you the ability to control who can use dashboards for each of the following types of Scenario access:
Viewing a given Scenario instance
Editing a given Scenario instance
Deleting a given Scenario instance
Creating an instance of a given Scenario
In addition, you can control who can use dashboards for view access to DataView items. See
Default Scenario and DataView access control and
Customizing Scenario and DataView access control.
You can also control who can send events from dashboards using the
Send Event command. See
Send event authorizationFor Web deployments, some aspects of authorization (in particular, dashboard access control) are centered around the concepts of
users and
roles, which are introduced in
Users and roles.