Configuring RBAC general properties

Skip to main content

Home

Configuring RBAC general properties

Open /usr/local/unravel/etc/unravel.properties. Search for and update the following properties; if you can't find them, add them. See RBAC properties for descriptions. Set com.unraveldata.login.mode to open, ldap or saml.

com.unraveldata.login.mode=mode 
com.unraveldata.rbac.enabled=true 
com.unraveldata.rbac.default=userName 
com.unraveldata.ngui.user.mode=extended  
com.unraveldata.rbac.tagcmd=path_of_tag_file

Note

If you are upgrading from 4.3, you must replace/redefine the following properties. Here we are assuming login.mode=ldap. If login.mode=saml, you use saml in the following properties instead of ldap.

4.3 property	Replacement
com.unraveldata.rbac.mode=ldap	com.unraveldata.login.mode=ldap
com.unraveldata.rbac.prefix=dept-	com.unraveldata.rbac.ldap.tag.dept.regex.find=dept-(.*)
com.unraveldata.rbac.tag=dept	com.unraveldata.rbac.ldap.tags=dept
com.unraveldata.rbac.user.operations.enabled=true	com.unraveldata.ngui.user.mode=(extended \| restricted)

You can exempt specific end-users from RBAC effects by adding them to the read-only admin group. Modify the following property, based upon com.unraveldata.login.mode.
Open
```
com.unraveldata.login.admins.readonly=user1,user2,user3
```
LDAP
```
com.unraveldata.login.admins.ldap.readonly=user1,user2,user3
```
SAML
```
com.unraveldata.login.admins.saml.readonly=user1,user2,user3
```

In this section:

Would you like to provide feedback? Just click here to suggest edits.