Defining Access Control Lists (ACLs)

ACLs are organized in a tree:

  • The root tree node is called host.
  • The second level tree node is the host name of the machine where the host server is installed.
  • The third level tree node is the Cloverleaf root. For example, integrator6.2.

These nodes are under the Cloverleaf root node:

  • application: This is defined in the root level.
  • command: This is defined in the root level.
  • config: This is defined in the root level.
  • webservices: This is defined in the root level.
  • Individual site: ACLs in this level are defined in the individual site.

application, command, config, and webservices define the ACLs in the root level. The ACLs in the site level are defined in the individual site.

The ACL tree node structure is:

– host
– – host01
– – – integrator6.1
– – – – application
– – – – command
– – – – config
– – – – webservices
– – – – site01
– – – – – application
– – – – – command
– – – – – config
– – – – site02
– – – – – application
– – – – – command
– – – – – config
– – – integrator6.2
– – – – application
– – – – command
– – – – config
– – – – webservices
– – – – site11
– – – – – application
– – – – – command
– – – – – config
– – – – site12
– – – – – application
– – – – – command
– – – – – config

You can define the ACLs for these tools or applications in the application root level tree node:

  • clapi: The RESTful API published on the host server
  • hciaclrolemgr: ACL/Role Manager
  • hciauditlog: Audit Log Viewer
  • hcibox: Box Manager
  • hcicertmgr: Certificate Manager
  • hciguisiteini: Site Init GUI
  • hciserveradmin: Server Administration
  • usercmd: This is under command and covers user commands that are not listed in the IDE commands.

You can define the ACLs for the file operation in the config root level:

  • box: box
  • eo: Engine Output Alias
  • json: JSON
  • proc: TCL proc
  • rootInfo: rootInfo
  • userfile: upload file

You can define the ACLs for the web service in the webservices root level.

The nodes under site represent the resources of the site level. application is for applications such as:

  • hciaccess: IDE
  • hcialertconfig: Alert Configuration
  • hcinetconfig: Network Configurator
  • hcinetmonitor: Network Monitor

The command nodes are commands for actions, for example, hcicmd for Network Monitor. The config nodes are for the configuration files, including alert, frl, hl7, and NetConfig.

These are the permission types for users and roles:

  • execute - e (for application and command)
  • read - r (for config)
  • write - w (for config)
  • insert - i (for config)
  • delete - d (for config)

In most cases, to have permission for a config, you must have run (execute) permission for the specific application. Then, you must have the read, write, insert, and delete permissions for the specific config.

Some configurators require additional run permission for specific commands, for example, NetConfig and NetMonitor.

Example

This table shows how to configure the permissions using a host server named CNSHN01 and a current version of 6.2:

| Description | Resources | Permissions |
|---|---|---|
| Full access to all | host | r, w, i, d, e |
| Read access to site helloworld | host/chshn01/integrator6.2/helloworld | r |
| Full access to site product | host/chshn01/integrator6.2/product | r, w, i, d, e |
| Deploy BOX | host/chshn01/integrator6.2/application/hcibox | e |
| Deploy BOX | host/chshn01/integrator6.2/config/box | i |
| Alert Configurator on site helloworld | host/chshn01/integrator6.2/helloworld/application/hcialertconfig | e |
| Alert Configurator on site helloworld | host/chshn01/integrator6.2/helloworld/config/alert | r, w, i, d |
| Translation Configurator on site helloworld | host/chshn01/integrator6.2/helloworld/application/hcitranslateconfig | e |
| Translation Configurator on site helloworld | host/chshn01/integrator6.2/helloworld/config/xlate | r, w, i, d |
| NetConfig on site helloworld | host/chshn01/integrator6.2/helloworld/application/hcinetconfig | e |
| NetConfig on site helloworld | host/chshn01/integrator6.2/helloworld/config/NetConfig | r, w |
| NetConfig on site helloworld | host/chshn01/integrator6.2/helloworld/config/multiview | r, w |
| NetConfig on site helloworld | host/chshn01/integrator6.2/helloworld/config/siteInfo | r, w |
| Start NetMonitor | host/chshn01/integrator6.2/helloworld/application/hcinetmonitor | e |
| Start NetMonitor | host/chshn01/integrator6.2/helloworld/command/hcisitectl | e |
| Start NetMonitor | host/chshn01/integrator6.2/helloworld/config/multiview | r |
| Start NetMonitor | host/chshn01/integrator6.2/helloworld/config/NetConfig | r |
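
The following added example (not part of the original documentation or of Cloverleaf itself) audits a list of grants against the rules above: the permission letters that apply to each node kind, and the subtree coverage that the site-wide rows of the table imply. The tuple format, the function names, the sample grants, and the "non-read grant on a container node" review heuristic are assumptions made for illustration.

```python
# Added example: audits constructed ACL grants against the rules on this page.
# The (resource, permissions) tuple format is an assumption for illustration.
KINDS = {"application", "command", "config", "webservices"}
# Permission letters the page lists per node kind (none is stated for webservices).
VALID = {"application": set("e"), "command": set("e"), "config": set("rwid")}

def node_kind(resource):
    """Return the kind of node a path falls under, or None for a container
    node (host, host name, Cloverleaf root, or a site itself)."""
    parts = resource.strip("/").split("/")
    if parts[0] != "host":
        raise ValueError("resource must start at the host root: " + resource)
    below_root = parts[3:]              # after host/<hostname>/<cloverleaf root>
    if below_root and below_root[0] in KINDS:
        return below_root[0]            # root-level node
    if len(below_root) >= 2 and below_root[1] in KINDS - {"webservices"}:
        return below_root[1]            # site-level application/command/config
    return None

def audit(grants):
    """Return sorted (resource, finding) pairs for grants that need review."""
    findings = []
    for resource, perms in grants:
        kind, letters = node_kind(resource), set(perms)
        if letters - set("rwide"):
            findings.append((resource, "unknown permission letter"))
        elif kind is None and letters - {"r"}:
            findings.append((resource, "non-read grant on a container node"))
        elif kind in VALID and letters - VALID[kind]:
            findings.append((resource, "permission does not apply to " + kind))
    return sorted(findings)

def effective(grants, resource):
    """Union of permissions granted on the resource or any ancestor node."""
    return {p for node, perms in grants for p in perms
            if resource == node or resource.startswith(node.rstrip("/") + "/")}

# Constructed sample grants (paths follow the table's naming; not real data).
SAMPLE = [
    ("host/chshn01/integrator6.2/helloworld", "r"),
    ("host/chshn01/integrator6.2/helloworld/application/hcialertconfig", "e"),
    ("host/chshn01/integrator6.2/helloworld/config/alert", "rwid"),
    ("host/chshn01/integrator6.2/config/box", "e"),
    ("host/chshn01/integrator6.2/product", "rwide"),
]

if __name__ == "__main__":
    for resource, finding in audit(SAMPLE):
        print(finding + ": " + resource)
```

The ancestor match in effective compares whole path segments, so a grant on helloworld does not leak to a differently named site that merely shares the prefix.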