You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by sv...@apache.org on 2016/04/21 12:46:21 UTC

[1/2] brooklyn-docs git commit: Describe "user" entitlement group

Repository: brooklyn-docs
Updated Branches:
  refs/heads/master 0de526b9d -> de490ed2e


Describe "user" entitlement group


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/133eaa91
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/133eaa91
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/133eaa91

Branch: refs/heads/master
Commit: 133eaa9130bd32d7ec59683f4979d43c5bbcdb5d
Parents: 6f8c37b
Author: Sam Corbett <sa...@cloudsoftcorp.com>
Authored: Thu Apr 7 15:55:41 2016 +0100
Committer: Sam Corbett <sa...@cloudsoftcorp.com>
Committed: Thu Apr 7 15:55:41 2016 +0100

----------------------------------------------------------------------
 guide/ops/brooklyn_properties.md | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/133eaa91/guide/ops/brooklyn_properties.md
----------------------------------------------------------------------
diff --git a/guide/ops/brooklyn_properties.md b/guide/ops/brooklyn_properties.md
index e8335f1..2805297 100644
--- a/guide/ops/brooklyn_properties.md
+++ b/guide/ops/brooklyn_properties.md
@@ -156,7 +156,9 @@ brooklyn.webconsole.security.ldap.realm=example.com
 After you setup the brooklyn connection to your LDAP server, you can authenticate in brooklyn using your cn (e.g. John Smith) and your password.
 `org.apache.brooklyn.rest.security.provider.LdapSecurityProvider` searches in the LDAP tree in LDAP://cn=John Smith,ou=Users,dc=example,dc=com
 
-If you want to customize the ldap path or something else which is particular to your LDAP setup you can extend `LdapSecurityProvider` class or implement from scratch the `SecurityProvider` interface.
+If you want to customize the ldap path or something else which is particular to your LDAP setup you
+can extend `LdapSecurityProvider` class or implement from scratch the `SecurityProvider` interface.
+
 
 ## Entitlements
 
@@ -175,15 +177,17 @@ The default entitlement manager is one which responds to per-user entitlement ru
 and understands:
 
 * `root`:  full access, including to the Groovy console
+* `user`:  access to everything but actions that affect the server itself. Such actions include the
+  Groovy console, stopping the server and retrieving management context configuration.
 * `readonly`:  read-only access to almost all information
 * `minimal`:  access only to server stats, for use by monitoring systems
 
-These keywords are also understood at the `global` level, so to grant full access to `admin`
-but limited access to other authenticated users and `readonly, 
+These keywords are also understood at the `global` level, so to grant full access to `admin`,
+read-only access to `support`, limited access to `metrics` and regular access to `user`
 you can write:
 
 {% highlight properties %}
-brooklyn.entitlements.global=readonly
+brooklyn.entitlements.global=user
 brooklyn.entitlements.perUser.admin=root
 brooklyn.entitlements.perUser.support=readonly
 brooklyn.entitlements.perUser.metrics=minimal
@@ -195,7 +199,7 @@ so the above can equivalently be written:
 
 {% highlight properties %}
 brooklyn.entitlements.global=org.apache.brooklyn.core.mgmt.entitlement.PerUserEntitlementManager
-brooklyn.entitlements.perUser.default=readonly
+brooklyn.entitlements.perUser.default=user
 brooklyn.entitlements.perUser.admin=root
 brooklyn.entitlements.perUser.support=readonly
 brooklyn.entitlements.perUser.metrics=minimal
@@ -207,7 +211,6 @@ or
 {% include java_link.html class_name="EntitlementManager" package_path="org/apache/brooklyn/api/mgmt/entitlement" project_subpath="api" %}.
 
 
-
 ## HTTPS Configuration
 
 To enable https, you will need a server certificate in a java keystore. To create a self-signed certificate, you can use the

[2/2] brooklyn-docs git commit: Closes #43

Posted by sv...@apache.org.

Closes #43

Describe "user" entitlement group

Documentation for entitlements changes in https://github.com/apache/brooklyn-server/pull/108.


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/de490ed2
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/de490ed2
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/de490ed2

Branch: refs/heads/master
Commit: de490ed2e1e53664bc0b8a40fc79a65c87d93afc
Parents: 0de526b 133eaa9
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Thu Apr 21 11:45:39 2016 +0100
Committer: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Committed: Thu Apr 21 11:45:39 2016 +0100

----------------------------------------------------------------------
 guide/ops/brooklyn_properties.md | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------