You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by sv...@apache.org on 2016/04/21 12:46:21 UTC
[1/2] brooklyn-docs git commit: Describe "user" entitlement group
Repository: brooklyn-docs
Updated Branches:
refs/heads/master 0de526b9d -> de490ed2e
Describe "user" entitlement group
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/133eaa91
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/133eaa91
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/133eaa91
Branch: refs/heads/master
Commit: 133eaa9130bd32d7ec59683f4979d43c5bbcdb5d
Parents: 6f8c37b
Author: Sam Corbett <sa...@cloudsoftcorp.com>
Authored: Thu Apr 7 15:55:41 2016 +0100
Committer: Sam Corbett <sa...@cloudsoftcorp.com>
Committed: Thu Apr 7 15:55:41 2016 +0100
----------------------------------------------------------------------
guide/ops/brooklyn_properties.md | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/133eaa91/guide/ops/brooklyn_properties.md
----------------------------------------------------------------------
diff --git a/guide/ops/brooklyn_properties.md b/guide/ops/brooklyn_properties.md
index e8335f1..2805297 100644
--- a/guide/ops/brooklyn_properties.md
+++ b/guide/ops/brooklyn_properties.md
@@ -156,7 +156,9 @@ brooklyn.webconsole.security.ldap.realm=example.com
After you setup the brooklyn connection to your LDAP server, you can authenticate in brooklyn using your cn (e.g. John Smith) and your password.
`org.apache.brooklyn.rest.security.provider.LdapSecurityProvider` searches in the LDAP tree in LDAP://cn=John Smith,ou=Users,dc=example,dc=com
-If you want to customize the ldap path or something else which is particular to your LDAP setup you can extend `LdapSecurityProvider` class or implement from scratch the `SecurityProvider` interface.
+If you want to customize the ldap path or something else which is particular to your LDAP setup you
+can extend `LdapSecurityProvider` class or implement from scratch the `SecurityProvider` interface.
+
## Entitlements
@@ -175,15 +177,17 @@ The default entitlement manager is one which responds to per-user entitlement ru
and understands:
* `root`: full access, including to the Groovy console
+* `user`: access to everything but actions that affect the server itself. Such actions include the
+ Groovy console, stopping the server and retrieving management context configuration.
* `readonly`: read-only access to almost all information
* `minimal`: access only to server stats, for use by monitoring systems
-These keywords are also understood at the `global` level, so to grant full access to `admin`
-but limited access to other authenticated users and `readonly,
+These keywords are also understood at the `global` level, so to grant full access to `admin`,
+read-only access to `support`, limited access to `metrics` and regular access to `user`
you can write:
{% highlight properties %}
-brooklyn.entitlements.global=readonly
+brooklyn.entitlements.global=user
brooklyn.entitlements.perUser.admin=root
brooklyn.entitlements.perUser.support=readonly
brooklyn.entitlements.perUser.metrics=minimal
@@ -195,7 +199,7 @@ so the above can equivalently be written:
{% highlight properties %}
brooklyn.entitlements.global=org.apache.brooklyn.core.mgmt.entitlement.PerUserEntitlementManager
-brooklyn.entitlements.perUser.default=readonly
+brooklyn.entitlements.perUser.default=user
brooklyn.entitlements.perUser.admin=root
brooklyn.entitlements.perUser.support=readonly
brooklyn.entitlements.perUser.metrics=minimal
@@ -207,7 +211,6 @@ or
{% include java_link.html class_name="EntitlementManager" package_path="org/apache/brooklyn/api/mgmt/entitlement" project_subpath="api" %}.
-
## HTTPS Configuration
To enable https, you will need a server certificate in a java keystore. To create a self-signed certificate, you can use the
[2/2] brooklyn-docs git commit: Closes #43
Posted by sv...@apache.org.
Closes #43
Describe "user" entitlement group
Documentation for entitlements changes in https://github.com/apache/brooklyn-server/pull/108.
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/de490ed2
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/de490ed2
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/de490ed2
Branch: refs/heads/master
Commit: de490ed2e1e53664bc0b8a40fc79a65c87d93afc
Parents: 0de526b 133eaa9
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Thu Apr 21 11:45:39 2016 +0100
Committer: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Committed: Thu Apr 21 11:45:39 2016 +0100
----------------------------------------------------------------------
guide/ops/brooklyn_properties.md | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------