Administering Authorization Rules using System Management Hub

An authorization rule is used to perform an access check for a particular Broker instance against an (authenticated) user ID and list of rules. Checks are performed on a UNIX or Windows Broker kernel, using standard EntireX Security on these platforms. Authorization rules can be stored within a repository. When an authorization call occurs, the security exit performs checks based on the values of Broker attributes AUTHORIZATIONDEFAULT and AUTHORIZATIONRULE.

In the System Management Hub, the Authorization Rules agent is found directly under EntireX, which itself is found under a particular managed host where EntireX version 6.1 or above has been installed.

This document covers the following topics:

Before you log in to the System Management Hub for the first time, see Initial Login Considerations. See also System Management Hub for EntireX | Configuring Authorization Rules.


Adding a Rule

Start of instruction setTo add a new authorization rule

  1. Click on the "+" next to Authorization Rules in the tree view of the System Management Hub window. If no rule has been defined, an empty rule, "DefaultRule", is created. You can modify this default rule, or create a new rule and delete the default.

  2. Select Authorization Rules in the tree view. From the context menu, choose Add Authorization Rule. A screen similar to the one below appears.

    Add an Authorization Rule

  3. Enter the name of the rule in the field provided. This field corresponds to Broker attribute AUTHORIZATIONRULE.

  4. Choose OK.

This new rule will appear in the tree view in the left frame of the System Management Hub window. If necessary, click the "+" next to Authorization Rules in the tree view. You can now add a service to the rule created.

Adding a Service

Start of instruction setTo add a service

  1. Select a rule in the tree view of the System Management Hub.

  2. From the context menu, choose Add Service. A screen similar to the one below appears.

    Adding a Service with SMH

  3. Enter the information required for the fields Class Name, Server Name, Service Name. These fields correspond to the service-specific Broker attributes CLASS, SERVER,SERVICE.

  4. Choose OK to confirm.

    As a result, the following screen appears:

    graphics/xAddUserInService.png

  5. Enter the users required for the new Service (see Adding/Modifying Users).

  6. Click OK to confirm.

Adding a Topic

Start of instruction setTo add a topic

  1. Select a rule in the tree view of the System Management Hub.

  2. From the context menu, choose Add Topic. A screen similar to the one below appears.

    Adding a Topic with SMH

  3. Enter the information required for the filed Topic Name. This field corresponds to topic-specific Broker attribute TOPIC.

  4. Choose OK to confirm.

    As a result, the following screen appears:

    graphics/xAddUserInTopic.png

  5. Enter the users required for the new Service (see Adding/Modifying Users).

  6. Click OK to confirm.

Adding/Modifying Users

Start of instruction setTo modify users

  1. Select a service or topic in the tree view of the System Management Hub.

  2. From the context menu, choose Modify User. If a service was selected, a screen similar to the following appears:

    graphics/xmodify_serviceUser.png

  3. If a topic was selected, a screen similar to the following appears:

    graphics/xmodify_topicUser.png

  4. Enter a user ID in the single-line field provided and click Add for the desired user type (client, server, publisher or subscriber).

    Or:
    Remove a user from an existing list by selecting the user and clicking Remove User.

  5. When the user list is complete, choose OK to confirm.

    Note:
    User names are not case-sensitive. Use asterisk notation to define a range of users. For example: user ID "USA*" represents all users whose ID starts with "USA" (including user "USA").