Apama 10.3 | Apama Documentation | Building and Using Apama Dashboards | Dashboard Deployment | Administering Dashboard Security | Administering authorization
Administering authorization
Users and roles
Default Scenario and DataView access control
Customizing Scenario and DataView access control
Providing a Scenario Authority
Sample Custom Scenario Authority
Send event authorization
Providing a login module that supports a Scenario or Event Authority
Apama's dashboard authorization facility includes access control that gives you the ability to restrict who can use a given web-based dashboard.
The example above configures the Dashboard Viewer to use LdapLoginModule.
Following are the supported environment settings:
*ProviderURL (required): Specifies the LDAP server and port, which are used to set the java.naming.factory.initial property.
*Authentication (required): Specifies the authentication mechanism to use. Specify none, simple, or sasl_mech. This value is used to set the java.naming.security.authentication property;
*Anonymous (optional; defaults to true): Specifies whether the userPrincipal and userCredential should be used when creating the LdapContext.
*DN (required): Specifies the user principal to be used when accessing the directory. This value is used (after patching with the user name) to set the java.naming.security.principal property. The user entered password is used in java.naming.security.credentials.
In the example above, DN is set to the following:
uid=%,ou=City,ou=Region,ou=People,o=ACME Corporation.
The % character is replaced by the login name entered by user.
*TLS (required): This specifies whether the LDAP server should start the Transport Security Layer extension. Supply true to specify that it should be started; supply false to specify that it should not be started.
*Extra (optional): Allows you to specify any extra parameters for setting the environment before creating the LdapContext. The function of these extra parameters is specific to your LDAP server, not the LdapLoginModule. Supply a semicolon-separated list of name/value pairs, where each pair has the following form
Consider for example the following:
This sets java.naming.referral to ignore and java.naming.security.protocol to ssl.
The facility also gives you the ability to control who can use dashboards for each of the following types of Scenario access:
*Viewing a given Scenario instance
*Editing a given Scenario instance
*Deleting a given Scenario instance
*Creating an instance of a given Scenario
In addition, you can control who can use dashboards for view access to DataView items. See Default Scenario and DataView access control and Customizing Scenario and DataView access control.
You can also control who can send events from dashboards using the Send Event command. See Send event authorization
For web deployments, some aspects of authorization (in particular, dashboard access control) are centered around the concepts of users and roles, which are introduced in Users and roles.

Copyright © 2013-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.