Access permission

For basic security access permission, the Cloverleaf administrator grants access to users through a log-in using a user name and password.

Advanced security access permission is required to assign the corresponding permission for CLAPI in the ACL/Role Manager tool. In addition to user name and password authentication, the service uses the security server to grant access based on the user’s permissions.

  • clapi under the integrator node on the ACL tree is used to control whether the user has the permission to use CLAPI.
  • usercmd under the integrator/command node is used to control whether the user has the permission to run generic commands.
  • userfile under the integrator/config node is used to control whether the user has the permission to upload generic files.
  • Users should be given correct permissions on the ACL tree to access/modify any other resources.
  • When creating a site through the Cloverleaf API, users should provide a pre-defined permission template on the security server. This is so that the corresponding permissions are given to the newly created site. Otherwise, the user should manually define the permission on security server after creating the site. Then, the user can do configuration on that site.