Role Based Access Control
The AdminConsole authorization model is based on role-based access control (RBAC). Roles and policies are defined for each service and determine the access privileges a user or a group of users has in the system. RBAC is made up of four elements:
- Roles - Bring Users, Groups, and Policies together. Roles define what users can do with a resource.
- Users - Principal that is requesting access to a resource.
- Policies - List of rules that defines access to a resource.
- Resources - Things you want to grant access to.
Role Definition for Admin Console
The roles defined for Admin Console are per service rather than per resource. Roles by service means that each service defines the roles required to access that particular service. For instance, a Policy Service will define roles that will be used by Segments and Roles within that policy. The roles are not defined by resources or entities, since segments and policy roles cannot be accessed outside the context of a policy.
| Role | Role Description | Role Privilege | Role Association |
| --- | --- | --- | --- |
| AC_ADMIN | Admin Console Administrator | Permit All | All Services |
| AC_CYCLE | Cycle Read Access | GET | cycle |
Adding Roles
Add the required roles using the <role> tag in the tomcat-users.xml file.
User and Roles Configuration
Example:
<role rolename="AC_ADMIN" />
<user username="<User Name>" password="<must-be-changed>" roles="AC_ADMIN"/>
All the roles which are required need to be added using the above syntax.
Adding Users and Roles Association
Add user and role associations using the <user> tag in the same file.
Example: <user password="qatester3" roles="AC_ADMIN" username="qatester3"/>
A single user can be associated with multiple roles as given below:
Example: <user password="qatester3" roles="AC_ADMIN, AC_CYCLE" username="qatester3"/>
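A check for the configuration described above, as an added example that is not part of Admin Console or Tomcat: it parses a tomcat-users.xml document and reports users whose password is still a placeholder or equals the username, roles that are assigned but never declared with a <role> tag, and every holder of the Permit All role. The sample file, the placeholder list and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment); role names are the ones on this page.
SAMPLE = """<tomcat-users>
  <role rolename="AC_ADMIN"/>
  <role rolename="AC_CYCLE"/>
  <user username="qatester3" password="qatester3" roles="AC_ADMIN, AC_CYCLE"/>
  <user username="ops1" password="&lt;must-be-changed&gt;" roles="AC_ADMIN"/>
  <user username="viewer1" password="constructed-Sample-9" roles="AC_CYCLE,AC_POLICY"/>
</tomcat-users>"""

# Assumed placeholder list; extend it to match your own templates.
PLACEHOLDERS = {"", "<must-be-changed>", "must-be-changed", "changeme"}

def _local(tag):
    """Drop an XML namespace prefix, since the file may declare one."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, permit_all_role="AC_ADMIN"):
    """Return sorted (username, finding) pairs for a tomcat-users.xml document."""
    root = ET.fromstring(xml_text)
    declared = {e.get("rolename") for e in root.iter() if _local(e.tag) == "role"}
    findings = set()
    for user in (e for e in root.iter() if _local(e.tag) == "user"):
        name = user.get("username", "")
        password = user.get("password", "")
        # roles is a comma-separated list; surrounding spaces are ignored here.
        roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
        if password.lower() in PLACEHOLDERS:
            findings.add((name, "placeholder-password"))
        elif password == name:
            findings.add((name, "password-equals-username"))
        for role in roles:
            if role not in declared:
                findings.add((name, "undeclared-role:" + role))
        if permit_all_role in roles:
            findings.add((name, "holds-permit-all-role"))
    return sorted(findings)

if __name__ == "__main__":
    for username, finding in audit(SAMPLE):
        print(f"{username}: {finding}")
```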