Defining Access Control Lists (ACLs)
ACLs are organized in a tree:
- The root tree node is called host.
- The second level tree node is the host name of the machine where the host server is installed.
- The third level tree node is the Cloverleaf root. For example, integrator6.2.
These nodes are under the Cloverleaf root node:
- application: This is defined in the root level.
- command: This is defined in the root level.
- config: This is defined in the root level.
- webservices: This is defined in the root level.
- Individual site: ACLs in this level are defined in the individual site.

application, command, config, and webservices define the ACLs in the root level. The ACLs in the site level are defined in the individual site.
The ACL tree node structure is:
– host
– – host01
– – – integrator6.1
– – – – application
– – – – command
– – – – config
– – – – webservices
– – – – site01
– – – – – application
– – – – – command
– – – – – config
– – – – site02
– – – – – application
– – – – – command
– – – – – config
– – – integrator6.2
– – – – application
– – – – command
– – – – config
– – – – webservices
– – – – site11
– – – – – application
– – – – – command
– – – – – config
– – – – site12
– – – – – application
– – – – – command
– – – – – config
You can define the ACLs for these tools or applications in the application root level tree node:
- clapi: The RESTful API published on the host server
- hciaclrolemgr: ACL/Role Manager
- hciauditlog: Audit Log Viewer
- hcibox: Box Manager
- hcicertmgr: Certificate Manager
- hciguisiteini: Site Init GUI
- hciserveradmin: Server Administration
- usercmd: This is under command and covers user commands that are not listed in the IDE commands.
You can define the ACLs for the file operation in the config root level:
- box: box
- eo: Engine Output Alias
- json: JSON
- proc: TCL proc
- rootInfo: rootInfo
- userfile: upload file
You can define the ACLs for the web service in the webservices root level.
The nodes under site represent the resources of the site level. application is for applications such as:
- hciaccess: IDE
- hcialertconfig: Alert Configuration
- hcinetconfig: Network Configurator
- hcinetmonitor: Network Monitor
The command nodes are commands for actions, for example, hcicmd for Network Monitor. The config nodes are for the configuration files, including alert, frl, hl7, and NetConfig.
These are the permission types for users and roles:
- execute - e (for application and command)
- read - r (for config)
- write - w (for config)
- insert - i (for config)
- delete - d (for config)
In most cases, to have permission for a config, you must have run permission for the specific application. Then, you must have read, write, insert, and delete permissions for the specific config.
Some configurators require additional run permission for specific commands, for example, NetConfig and NetMonitor.
Example
This table shows how to configure the permissions using a host server named CNSHN01 and a current version of 6.2:
Description | Resources | Permissions |
---|---|---|
Full access to all | host | r, w, i, d, e |
Read access to site helloworld | host/chshn01/integrator6.2/helloworld | r |
Full access to site product | host/chshn01/integrator6.2/product | r, w, i, d, e |
Deploy BOX | host/chshn01/integrator6.2/application/hcibox<br>host/chshn01/integrator6.2/config/box | e<br>i |
Alert Configurator On site | host/chshn01/integrator6.2/helloworld/application/hcialertconfig<br>host/chshn01/integrator6.2/helloworld/config/alert | e<br>r, w, i, d |
Translation Configurator On site | host/chshn01/integrator6.2/helloworld/application/hcitranslateconfig<br>host/chshn01/integrator6.2/helloworld/config/xlate | e<br>r, w, i, d |
NetConfig On site | host/chshn01/integrator6.2/helloworld/application/hcinetconfig<br>host/chshn01/integrator6.2/helloworld/config/NetConfig<br>host/chshn01/integrator6.2/helloworld/config/multiview<br>host/chshn01/integrator6.2/helloworld/config/siteInfo | e<br>r, w<br>r, w<br>r, w |
Start NetMonitor | host/chshn01/integrator6.2/helloworld/application/hcinetmonitor<br>host/chshn01/integrator6.2/helloworld/command/hcisitectl<br>host/chshn01/integrator6.2/helloworld/config/multiview<br>host/chshn01/integrator6.2/helloworld/config/NetConfig | e<br>e<br>r<br>r |
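
The following Python sketch is an added illustration for reviewing a role against the rules above; it is not Cloverleaf code and does not read Cloverleaf's ACL storage. It assumes that a grant on a node also applies to the nodes below it (as the "Full access to all" and site-level rows suggest), and the function names and grant dictionaries are constructed for the example.

```python
# Added illustration, not Cloverleaf code. Grants are constructed sample data
# modelled on the example table; inheritance from ancestor nodes is assumed.
ROOT = "host/chshn01/integrator6.2"
VALID = {"application": set("e"), "command": set("e"), "config": set("rwid")}

def node_kind(path):
    """Return application/command/config for a resource path, else None."""
    for part in path.split("/")[3:5]:  # root-level or site-level category
        if part in VALID:
            return part
    return None

def allowed(grants, path, perm):
    """True if perm is granted on path or on any ancestor node."""
    parts = path.split("/")
    return any(perm in grants.get("/".join(parts[:i]), "")
               for i in range(1, len(parts) + 1))

def lint(grants):
    """Flag permission letters that do not apply to the node they are set on."""
    findings = []
    for path, perms in sorted(grants.items()):
        kind = node_kind(path)
        extra = set(perms) - VALID[kind] if kind else set()
        if extra:
            findings.append((path, "".join(sorted(extra))))
    return findings

def can_use_config(grants, site, app, cfg, needed="rwid"):
    """Page rule: run permission on the application, then config permissions."""
    base = f"{ROOT}/{site}"
    return (allowed(grants, f"{base}/application/{app}", "e")
            and all(allowed(grants, f"{base}/config/{cfg}", p) for p in needed))

# Constructed role: the "Alert Configurator On site" row plus one mistake.
ALERT_ROLE = {
    f"{ROOT}/helloworld/application/hcialertconfig": "e",
    f"{ROOT}/helloworld/config/alert": "rwid",
    f"{ROOT}/helloworld/config/xlate": "rwe",  # 'e' has no meaning on config
}
READ_ONLY = {f"{ROOT}/helloworld": "r"}  # "Read access to site helloworld" row

if __name__ == "__main__":
    print(lint(ALERT_ROLE))
    print(can_use_config(ALERT_ROLE, "helloworld", "hcialertconfig", "alert"))
    print(allowed(READ_ONLY, f"{ROOT}/helloworld/config/alert", "w"))
```

The lint step catches a permission letter that does not apply to its node type, and `can_use_config` shows why a config grant alone is not enough without run permission on the matching application.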