- Home
- Work-in-Progress Documentation
- Reference Guide
- Unravel Properties reference
- Role Based Access Control (RBAC)
Role Based Access Control (RBAC)
See RBAC configuration.
RBAC is reliant upon the tagging; if you are not familiar with the concept or how it is used see What is tagging.
Property/Description | Set by user | Unit | Default |
|---|---|---|---|
com.unraveldata.rbac.enabled Enables Role Based Access Control.
| boolean | true | |
com.unraveldata.rbac.default Determines how a end-user's views are filtered when no specific tags are set them.
| Optional | set member | - |
com.unraveldata.rbac.tagcmd The command to use to get the list of LDAP groups for an user. | string | /usr/local/unravel/etc/apptag.py | |
com.unraveldata.ngui.user.mode Determines the UI pages the end-user can access when RBAC is enabled. Value:
| string | extended |
Define these properties if com.unraveldata.login.mode=ldap. See LDAP properties for defining LDAP admins and read-only admins.
Property/Description | Set by user | Unit | Default |
|---|---|---|---|
com.unraveldata.rbac.ldap.tags A comma separated list of the prefix of LDAP groups to be used as tag_key. For example, PROJECT,DEPT. | - | CLS | - |
com.unraveldata.rbac.ldap.tag. Defines regular expression used to parse LDAP groups to generating the tag_value for a given tag_key. Value = where
For example, com.unraveldata.rbac.ldap.tag.PROJECT.regex.find=PROJECT-(.*) Note: The LDAP group is processed until a match is found. If you have defined more than one group in your definition only the first group pre is processed with the remaining ignored. The best practice is to define each tag_value tag in it's own LDAP group. | - | CLS | - |
Define these properties if com.unraveldata.login.mode=saml. See SAML properties for defining SAML admins and read-only admins.
Property/Description | Set by user | Unit | Default |
|---|---|---|---|
com.unraveldata.rbac.saml.tags A comma separated list of the prefix of SAML groups to be used as tag_key(s). For example, PROJECT,DEPT. | - | CLS | - |
com.unraveldata.rbac.saml.tag. Defines regular expression used to parse SAML groups to generating the tag_value(s) for a given tag_key. Value = where For example, com.unraveldata.rbac.ldap.tag.PROJECT.regex.find=PROJECT-(.*) Note: The SAML group is processed until a match is found. If you have defined more than one group in your definition only the first group pre is processed with the remaining ignored. The best practice is to define each tag_value tag in it's own LDAP group. | - | CLS | - |