Summary: System roles provided in the default security filter (admin, write, read, execute); how to add custom roles.

Overview

The default security filter includes the following roles:

  • System roles - provide security at the operation level.
  • Custom roles - provide security at the operation and class/object content level.

Using custom roles, you can define a user role that restricts read/write access to any entry instance of a specific class type (e.g., permits read access for Entries of type ClassA). You can also define a field value security classification rule, where a role restricts a read operation based on a template-specific field value (e.g., permits the user to read Entries of type ClassA where field A=1) or a write operation based on an entry-specific field value (e.g., permits the user to write Entries of type ClassB where field B=2).

Classes inherit their security properties from their super classes. You can define security properties for classes which have not yet been introduced to the space by extending your Entry classes from one super class. This super class carries the relevant security properties, which are used by all its sub-classes.

Here is a summary of the different roles supported:

| Access control | Description | Space API Permissions |
|---|---|---|
| Admin | Access to the administrative API of a space node. The admin user does not have other permissions (such as write, read, execute to the space), other than executing the Admin API. | getAdmin |
| Write | Access to perform destructive operations on the space | write, update, take, clear, clean |
| Read | Read access to the space | read, notify, count |
| Execute | Grant task execution on the space | OpenSpaces API for execute |
| User-defined | In the Roles Manager, you may define any combination of admin, write, or read properties. You may also customize Entries and their attributes according to field names and values. | depends on configuration |

If multiple roles are specified for a single username, the space server lets the least restrictive role decide whether a certain action is performed (a user with several roles defined, where one role is "read only" and another is "read/write", is allowed to read and write).
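
The following is an added example, not GigaSpaces code: a small Python model of the access decision described above, useful for reasoning about what a combination of roles will permit before configuring it. The `CustomRole` class, `is_allowed` function, the rule that every listed attribute must match, and the sample roles are assumptions made for illustration; the operation-to-role mapping follows the summary table.

```python
from dataclasses import dataclass, field

# Operation sets per system role, following the summary table on this page.
SYSTEM_ROLE_OPS = {
    "admin": {"getAdmin"},
    "write": {"write", "update", "take", "clear", "clean"},
    "read": {"read", "notify", "count"},
    "execute": {"execute"},
}

@dataclass
class CustomRole:
    """Hypothetical model of a Roles Manager entry (not a GigaSpaces class)."""
    name: str
    system_roles: set   # which of admin/write/read the role covers
    class_name: str     # entry class the grant applies to
    attributes: dict = field(default_factory=dict)  # field name -> required value

    def permits(self, op, entry_class, entry_fields, superclasses):
        if not any(op in SYSTEM_ROLE_OPS[r] for r in self.system_roles):
            return False
        # A grant on a super class also covers its sub-classes (inheritance).
        lineage = [entry_class] + superclasses.get(entry_class, [])
        if self.class_name not in lineage:
            return False
        # Assumption: every listed attribute must match the entry's value.
        return all(entry_fields.get(k) == v for k, v in self.attributes.items())

def is_allowed(user_roles, op, entry_class=None, entry_fields=None, superclasses=None):
    """Least-restrictive evaluation: one permitting role is enough."""
    entry_fields, superclasses = entry_fields or {}, superclasses or {}
    for role in user_roles:
        if isinstance(role, str):          # plain system role
            if op in SYSTEM_ROLE_OPS[role]:
                return True
        elif role.permits(op, entry_class, entry_fields, superclasses):
            return True
    return False

# Constructed sample configuration mirroring the ClassA / ClassB examples.
SUPERS = {"ClassA1": ["ClassA"]}           # ClassA1 extends ClassA
read_a1 = CustomRole("readA_fieldA_1", {"read"}, "ClassA", {"A": 1})
write_b2 = CustomRole("writeB_fieldB_2", {"write"}, "ClassB", {"B": 2})

if __name__ == "__main__":
    print(is_allowed(["admin"], "read"))                           # admin alone cannot read
    print(is_allowed([read_a1], "read", "ClassA1", {"A": 1}, SUPERS))
    print(is_allowed([read_a1, "write"], "write", "ClassA", {"A": 5}))
```

Running the model against a planned set of roles shows where a broad system role overrides a narrow custom role, which is the practical consequence of the least-restrictive rule.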

Creating User-Defined Roles

The Users view allows you to define users, assign them system and custom roles, and specify customized, user-defined roles.

  • To access the Users view, click the Users node under the space node. You will be prompted with a Login window.
  • The default user name and password are both gsadmin.
  • Click OK. The Users view is displayed.
  • To add a user to the filter, click Add.
    The Add User dialog box appears.
  • Enter the new user's name and password; re-enter the password to confirm it. Users and roles data are stored in an encrypted file at the specified location.
  • Check any desired system roles:
    • Admin - defines an administrator who may execute the Admin API (getAdmin()) only.
      The admin user does not have other permissions (such as write, read, execute to the space), other than executing the Admin API.
    • Read - defines read-only access to the space.
    • Write - defines read, write, and notify access to the space.
    • Execute - defines task execution access on the space.
  • To define a customized, user-defined role, click Roles Manager. The Roles Manager dialog appears.
  • To add a new role, click Add.
  • To edit an existing role, click Edit.
  • If you are adding a new role, enter the Role Name. Configure the rest of the attributes as follows:
    • Check any restricted roles.
    • To add a new grant access to the role, click Add next to the Class Name. To edit a preexisting Class Name, click it and type the new class name. Click Remove to delete the class name or Remove All to delete all (multiple) class names.
      Under Entry Attributes, enter the Name of the class's field to restrict and its Value. Adding more than one attribute will restrict the values to those specified (only a matching value is granted). Click Remove to delete an attribute or Remove All to delete all (multiple) attributes.
  • To save your new or modified role, click OK.
  • To update the space filter with the new user, click Update Now.
  • Click Add to add the new user to the filter.
  • To edit user details:
    • In the Edit Filter Definition window, select the user to be edited.
      Click Edit.
    • The Edit User Details window appears for the selected user.
      For a summary of the different roles supported, see above.
  • Modify details for the user as follows:
    • Enter any desired change in the password and confirm it.
    • Modify any change in system roles by checking/unchecking the appropriate boxes.
    • Modify any user-defined roles by highlighting them and selecting the Roles Manager. For details, see steps a - c in "To Add a user to the filter" above.
  • Click OK to save any changes.
  • To update the space filter user changes, click Update Now.