bildwelt
E2E FORUM
E2E Bridge E2E Commerce

E2E Console Groups

E2E Forum General Discussion E2E Console Groups

Tagged: 

This topic contains 3 replies, has 2 voices, and was last updated by  Alfred 4 years, 1 month ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #706

    Björn Rödiger
    Participant

    Hi,

    to divide developing and production we would like to see a new kind of security layer in the e2e console.
    So in a productive environment we would establish a quality gate keeper who is allowed to deploy and delete service-configurations and on the other side guards, who can stop, start, kill and export service-configurations.

    Would that possible?

    cheers,Björn

    #707

    Alfred
    Moderator

    Hello Björn,

    I understand your idea like that. You want to have different roles. One role should be able to deploy and delete composite services and assign role membership. The other role is not allowed to deploy and delete composites, but it should be able to stop, start, kill and export service-configurations. Is this what you want to have?

    The E2E Console has a fixed set of three different roles ADMIN, MODELER and USER. Each E2E Console user is member of one group and the user gets his role from the group.

    The roles have these http://docu.e2ebridge.com/Summary+of+User+Access+Rights rights. The configuration of the rights is stored in the file e2e_bridge_data/domain/roles.xml . If you edit this file with an editor you can change the rights. It is a XML file. After a E2E Console update you have to reapply your modifications.

    You could for example remove for all modelers the permission to deploy new services, redeploy services or delete services if you delete or uncomment the following lines inside this element <role roleid=”MODELER” description=”Modelers”>

    <permission name=”deploy/create”                   type=”ALL” />
    <permission name=”deploy/replace”                  type=”GROUP” />
    <permission name=”bridgeserver/delete_instance”    type=”GROUP” />

    After you saved the file roles.xml the permissions are immediately changed.

    This is the changed roles.xml

    <?xml version=”1.0″ encoding=”utf-8″?>
    <roles version=”$Revision: 1.2 $” xmlns=”http://e2e.ch/Console” sequence=”2″>
    <role roleid=”ADMIN” description=”Administrators”>
    <!– common –>
    <permission name=”common/welcome” type=”ALL” />
    <permission name=”common/logout” type=”ALL” />
    <permission name=”common/domain” type=”ALL” />
    <permission name=”common/nodes” type=”ALL” />
    <!– administration (users) –>
    <permission name=”domain/users” type=”ALL” />
    <permission name=”domain/user_create” type=”ALL” />
    <permission name=”domain/user_modify” type=”ALL” />
    <permission name=”domain/user_modify_name” type=”ALL” />
    <permission name=”domain/user_modify_group” type=”ALL” />
    <permission name=”domain/user_modify_active” type=”ALL” />
    <permission name=”domain/user_modify_passwd” type=”ALL” />
    <permission name=”domain/user_delete” type=”ALL” />
    <!– administration (groups) –>
    <permission name=”domain/groups” type=”ALL” />
    <permission name=”domain/group_create” type=”ALL” />
    <permission name=”domain/group_modify” type=”ALL” />
    <permission name=”domain/group_modify_name” type=”ALL” />
    <permission name=”domain/group_modify_role” type=”ALL” />
    <permission name=”domain/group_delete” type=”ALL” />
    <!– administration (nodes) –>
    <permission name=”domain/nodes” type=”ALL” />
    <permission name=”domain/node_import” type=”ALL” />
    <permission name=”domain/node_remove” type=”ALL” />
    <permission name=”domain/node_convert” type=”ALL” />
    <!– administration (deploy) –>
    <permission name=”deploy/create” type=”ALL” />
    <permission name=”deploy/replace” type=”ALL” />
    <!– nodes (console manager) –>
    <permission name=”console/prefs” type=”ALL” />
    <permission name=”console/prefs_modify” type=”ALL” />
    <permission name=”console/prefs_modify_logging” type=”ALL” />
    <permission name=”console/prefs_modify_trace” type=”ALL” />
    <permission name=”console/prefs_modify_display_name” type=”ALL” />
    <permission name=”console/prefs_modify_monitoring_url” type=”ALL” />
    <permission name=”console/logging” type=”ALL” />
    <permission name=”console/firmware” type=”ALL” />
    <permission name=”console/firmware_modify” type=”ALL” />
    <!– nodes (system manager) –>
    <permission name=”system/network” type=”ALL” />
    <!– nodes (proxy server) –>
    <permission name=”proxyserver/prefs” type=”ALL” />
    <permission name=”proxyserver/prefs_modify” type=”ALL” />
    <permission name=”proxyserver/prefs_modify_admin” type=”ALL” />
    <permission name=”proxyserver/logging” type=”ALL” />
    <permission name=”proxyserver/start” type=”ALL” />
    <permission name=”proxyserver/stop” type=”ALL” />
    <!– nodes (proxy instances) –>
    <permission name=”proxynode/entries” type=”ALL” />
    <permission name=”proxynode/certs” type=”ALL” />
    <permission name=”proxynode/certs_modify” type=”ALL” />
    <permission name=”proxynode/delete” type=”ALL” />
    <permission name=”proxynode/create” type=”ALL” />
    <permission name=”proxynode/settings” type=”ALL” />
    <permission name=”proxynode/settings_modify” type=”ALL” />
    <!– nodes (bridge server) –>
    <permission name=”bridgeserver/instances” type=”ALL” />
    <permission name=”bridgeserver/plugins” type=”ALL” />
    <permission name=”bridgeserver/plugins_modify” type=”ALL” />
    <permission name=”bridgeserver/licensing” type=”ALL” />
    <permission name=”bridgeserver/licensing_modify” type=”ALL” />
    <permission name=”bridgeserver/start_instances” type=”ALL” />
    <permission name=”bridgeserver/stop_instances” type=”ALL” />
    <permission name=”bridgeserver/delete_instance” type=”ALL” />
    <permission name=”bridgeserver/resource” type=”ALL” />
    <permission name=”bridgeserver/resource_modify” type=”ALL” />
    <permission name=”bridgeserver/java” type=”ALL” />
    <permission name=”bridgeserver/java_modify” type=”ALL” />
    <permission name=”bridgeserver/xslt” type=”ALL” />
    <permission name=”bridgeserver/xslt_modify” type=”ALL” />
    <permission name=”bridgeserver/statistic” type=”ALL” />
    <permission name=”bridgeserver/statistic_modify” type=”ALL” />
    <!– nodes (bridge instances) –>
    <permission name=”bridgeinst/history” type=”ALL” />
    <permission name=”bridgeinst/logging” type=”ALL” />
    <permission name=”bridgeinst/prefs” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify_startup” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify_automatic_restart” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify_owner” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify_logging” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify_transaction_logging” type=”ALL” />
    <permission name=”bridgeinst/status” type=”ALL” />
    <permission name=”bridgeinst/start” type=”ALL” />
    <permission name=”bridgeinst/stop” type=”ALL” />
    <permission name=”bridgeinst/templates” type=”ALL” />
    <permission name=”bridgeinst/templates_modify” type=”ALL” />
    <permission name=”bridgeinst/kill” type=”ALL” />
    <permission name=”bridgeinst/export” type=”ALL” />
    <permission name=”bridgeinst/dump” type=”ALL” />
    <permission name=”bridgeinst/dump_modify” type=”ALL” />
    <permission name=”bridgeinst/state_classes” type=”ALL” />
    <permission name=”bridgeinst/state_objectes” type=”ALL” />
    <permission name=”bridgeinst/state_object” type=”ALL” />
    <permission name=”bridgeinst/state_events” type=”ALL” />
    <permission name=”bridgeinst/state_classes_modify” type=”ALL” />
    <permission name=”bridgeinst/state_objectes_modify” type=”ALL” />
    <permission name=”bridgeinst/state_object_modify” type=”ALL” />
    <permission name=”bridgeinst/state_events_modify” type=”ALL” />
    <permission name=”bridgeinst/state_delete” type=”ALL” />
    </role>
    <role roleid=”MODELER” description=”Modelers”>
    <!– common –>
    <permission name=”common/welcome” type=”ALL” />
    <permission name=”common/logout” type=”ALL” />
    <permission name=”common/domain” type=”ALL” />
    <permission name=”common/nodes” type=”ALL” />
    <!– administration (users) –>
    <permission name=”domain/users” type=”ALL” />
    <permission name=”domain/user_modify” type=”OWNER” />
    <permission name=”domain/user_modify_passwd” type=”OWNER” />
    <!– administration (deploy) –>
    <!– <permission name=”deploy/create” type=”ALL” />–>
    <!– <permission name=”deploy/replace” type=”GROUP” />–>
    <!– nodes (console manager) –>
    <permission name=”console/prefs” type=”ALL” />
    <permission name=”console/logging” type=”ALL” />
    <permission name=”console/firmware” type=”ALL” />
    <!– nodes (proxy server) –>
    <permission name=”proxyserver/prefs” type=”ALL” />
    <permission name=”proxyserver/logging” type=”ALL” />
    <!– nodes (proxy instances) –>
    <permission name=”proxynode/entries” type=”ALL” />
    <permission name=”proxynode/certs” type=”ALL” />
    <permission name=”proxynode/settings” type=”ALL” />
    <!– nodes (bridge server) –>
    <permission name=”bridgeserver/instances” type=”ALL” />
    <permission name=”bridgeserver/plugins” type=”ALL” />
    <permission name=”bridgeserver/licensing” type=”ALL” />
    <!– <permission name=”bridgeserver/delete_instance” type=”GROUP” />–>
    <permission name=”bridgeserver/resource” type=”ALL” />
    <permission name=”bridgeserver/java” type=”ALL” />
    <permission name=”bridgeserver/xslt” type=”ALL” />
    <permission name=”bridgeserver/statistic” type=”ALL” />
    <!– nodes (bridge instances) –>
    <permission name=”bridgeinst/history” type=”ALL” />
    <permission name=”bridgeinst/logging” type=”ALL” />
    <permission name=”bridgeinst/prefs” type=”ALL” />
    <permission name=”bridgeinst/prefs_modify” type=”GROUP” />
    <permission name=”bridgeinst/prefs_modify_automatic_restart” type=”GROUP” />
    <permission name=”bridgeinst/prefs_modify_logging” type=”GROUP” />
    <permission name=”bridgeinst/prefs_modify_transaction_logging” type=”GROUP” />
    <permission name=”bridgeinst/status” type=”ALL” />
    <permission name=”bridgeinst/start” type=”GROUP” />
    <permission name=”bridgeinst/stop” type=”GROUP” />
    <permission name=”bridgeinst/export” type=”GROUP” />
    <permission name=”bridgeinst/dump” type=”ALL” />
    <permission name=”bridgeinst/dump_modify” type=”ALL” />
    <permission name=”bridgeinst/templates” type=”ALL” />
    <permission name=”bridgeinst/templates_modify” type=”GROUP” />
    <permission name=”bridgeinst/state_classes” type=”ALL” />
    <permission name=”bridgeinst/state_objectes” type=”ALL” />
    <permission name=”bridgeinst/state_object” type=”ALL” />
    <permission name=”bridgeinst/state_events” type=”ALL” />
    <permission name=”bridgeinst/state_classes_modify” type=”GROUP” />
    <permission name=”bridgeinst/state_objectes_modify” type=”GROUP” />
    <permission name=”bridgeinst/state_object_modify” type=”GROUP” />
    <permission name=”bridgeinst/state_events_modify” type=”GROUP” />
    </role>
    <role roleid=”USER” description=”Users”>
    <!– common –>
    <permission name=”common/welcome” type=”ALL” />
    <permission name=”common/logout” type=”ALL” />
    <permission name=”common/domain” type=”ALL” />
    <permission name=”common/nodes” type=”ALL” />
    <!– administration (users) –>
    <permission name=”domain/users” type=”ALL” />
    <permission name=”domain/user_modify” type=”OWNER” />
    <permission name=”domain/user_modify_passwd” type=”OWNER” />
    <!– nodes (console manager) –>
    <permission name=”console/prefs” type=”ALL” />
    <permission name=”console/logging” type=”ALL” />
    <permission name=”console/firmware” type=”ALL” />
    <!– nodes (proxy server) –>
    <permission name=”proxyserver/prefs” type=”ALL” />
    <permission name=”proxyserver/logging” type=”ALL” />
    <!– nodes (proxy instances) –>
    <permission name=”proxynode/entries” type=”ALL” />
    <permission name=”proxynode/certs” type=”ALL” />
    <permission name=”proxynode/settings” type=”ALL” />
    <!– nodes (bridge server) –>
    <permission name=”bridgeserver/instances” type=”ALL” />
    <permission name=”bridgeserver/plugins” type=”ALL” />
    <permission name=”bridgeserver/licensing” type=”ALL” />
    <permission name=”bridgeserver/resource” type=”ALL” />
    <permission name=”bridgeserver/java” type=”ALL” />
    <permission name=”bridgeserver/xslt” type=”ALL” />
    <permission name=”bridgeserver/statistic” type=”ALL” />
    <!– nodes (bridge instances) –>
    <permission name=”bridgeinst/history” type=”ALL” />
    <permission name=”bridgeinst/logging” type=”ALL” />
    <permission name=”bridgeinst/prefs” type=”ALL” />
    <permission name=”bridgeinst/status” type=”ALL” />
    <permission name=”bridgeinst/dump” type=”ALL” />
    <permission name=”bridgeinst/state_classes” type=”ALL” />
    <permission name=”bridgeinst/state_objectes” type=”ALL” />
    <permission name=”bridgeinst/state_object” type=”ALL” />
    <permission name=”bridgeinst/state_events” type=”ALL” />
    </role>
    </roles>

     

    #708

    Björn Rödiger
    Participant

    This would help a lot.

    Is it possible to create a new role also?

    #709

    Alfred
    Moderator

    No, you can not create a new role. But at least you can use the two roles MODELER and USER. I would not change the permissions of the ADMIN role.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.