Example RBAC configurations

Admins and read-only admins are always exempt from RBAC restrictions. To use RBAC, set these properties:

  • com.unraveldata.rbac.enabled=true

  • com.unraveldata.ngui.user.mode=[extended | restricted]

  • com.unraveldata.login.admins[.readonly] are irrelevant if mode is LDAP or SAML.

    [empty]

Note

The examples below use LDAP; for SAML, substitute saml for ldap. Replace the sample values with your local values.

Set admin access

To set admin access without read-only admin access, set the first property and comment out the second:

com.unraveldata.login.admins=L772417,K228680
#com.unraveldata.login.admins.readonly=

For LDAP or SAML, set the first two properties and comment out the third:

com.unraveldata.login.mode=LDAP
com.unraveldata.login.admins.ldap.groups=LDAP_Users,,,,
#com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users,,,,

Set only read-only admin access

To set only read-only admin access, set the first property and comment out the second:

com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680
#com.unraveldata.login.admins=L772417,K228680

For LDAP or SAML, set the first two properties and comment out the third:

com.unraveldata.login.mode=LDAP
com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users,,,,,
#com.unraveldata.login.admins.ldap.groups=LDAP_Users

Set admin and read-only admin access

For admin and read-only admin access, set:

com.unraveldata.login.admins=L772417,K228680
com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680

For LDAP or SAML, set:

com.unraveldata.login.mode=LDAP
com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users,,,,
com.unraveldata.login.admins.ldap.groups=LDAP_Users

Exempt select end-users from RBAC

To exempt end-users from RBAC, add them to the read-only admin property:

com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680

For LDAP or SAML, add them to:

com.unraveldata.login.admins.ldap.groups=LDAP_Users
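
Because every admin and read-only admin entry bypasses RBAC, it is worth reviewing which entries are actually in effect. The following Python audit is an added example, not Unravel code: it reads properties text, reports the effective admin and read-only admin entries, and warns about settings this page describes as required or irrelevant. The function names, the case-insensitive mode comparison, the saml property names (derived from the substitution rule in the Note) and the dropping of empty list entries are assumptions.

```python
# Added example: audit properties text for RBAC-exempt entries.
# Assumptions: mode is compared case-insensitively; saml keys follow the ldap pattern.
P = "com.unraveldata."

def parse_props(text):
    """Parse key=value lines; lines starting with '#' are commented out."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    """Split a comma-separated value, dropping empty entries ('LDAP_Users,,,,')."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def audit(text):
    props = parse_props(text)
    mode = props.get(P + "login.mode", "").lower()
    warnings = []
    if props.get(P + "rbac.enabled", "").lower() != "true":
        warnings.append("rbac.enabled is not true: RBAC is off")
    if props.get(P + "ngui.user.mode") not in ("extended", "restricted"):
        warnings.append("ngui.user.mode must be extended or restricted")
    if mode in ("ldap", "saml"):
        # Group properties apply; the plain user lists are irrelevant in this mode.
        admin_key = f"{P}login.admins.{mode}.groups"
        ro_key = f"{P}login.admins.readonly.{mode}.groups"
        for k in (P + "login.admins", P + "login.admins.readonly"):
            if split_list(props.get(k)):
                warnings.append(f"{k} is set but irrelevant in {mode.upper()} mode")
    else:
        admin_key, ro_key = P + "login.admins", P + "login.admins.readonly"
    admins, readonly = split_list(props.get(admin_key)), split_list(props.get(ro_key))
    return {"admins": admins, "readonly_admins": readonly, "warnings": warnings}

# Constructed sample input, built from the values used on this page.
SAMPLE = """\
com.unraveldata.rbac.enabled=true
com.unraveldata.ngui.user.mode=restricted
com.unraveldata.login.mode=LDAP
com.unraveldata.login.admins=L772417,K228680
com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users,,,,
#com.unraveldata.login.admins.ldap.groups=LDAP_Users
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Everything listed under admins or readonly_admins in the result is exempt from RBAC restrictions, so review those entries whenever the properties change.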