Configuring RBAC general properties

  1. Open /usr/local/unravel/etc/unravel.properties. Search for and update the following properties; if you can't find them, add them. See RBAC properties for descriptions. Set com.unraveldata.login.mode to open, ldap or saml.

    com.unraveldata.login.mode=mode 
    com.unraveldata.rbac.enabled=true 
    com.unraveldata.rbac.default=userName 
    com.unraveldata.ngui.user.mode=extended  
    com.unraveldata.rbac.tagcmd=path_of_tag_file  

    Note

    If you are upgrading from 4.3, you must replace or redefine the following properties. The replacements shown assume login.mode=ldap. If login.mode=saml, use saml in place of ldap in these properties.

    4.3 property                                        Replacement
    com.unraveldata.rbac.mode=ldap                      com.unraveldata.login.mode=ldap
    com.unraveldata.rbac.prefix=dept-                   com.unraveldata.rbac.ldap.tag.dept.regex.find=dept-(.*)
    com.unraveldata.rbac.tag=dept                       com.unraveldata.rbac.ldap.tags=dept
    com.unraveldata.rbac.user.operations.enabled=true   com.unraveldata.ngui.user.mode=(extended | restricted)

  2. You can exempt specific end-users from RBAC effects by adding them to the read-only admin group. Modify the following property, based upon com.unraveldata.login.mode.

    Open:  com.unraveldata.login.admins.readonly=user1,user2,user3

    LDAP:  com.unraveldata.login.admins.ldap.readonly=user1,user2,user3

    SAML:  com.unraveldata.login.admins.saml.readonly=user1,user2,user3
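
A check for the settings in steps 1 and 2, as an added example that is not part of the Unravel documentation: it lints the text of unravel.properties for leftover 4.3 properties, an invalid login mode, and read-only admin or rbac.ldap/rbac.saml properties that do not match com.unraveldata.login.mode. The function names and the sample file are constructed for illustration, and the parser assumes plain key=value lines only.

```python
P = "com.unraveldata."
MODES = ("open", "ldap", "saml")
# 4.3 property -> replacement, from the upgrade note (ldap form, tag "dept").
LEGACY = {
    P + "rbac.mode": P + "login.mode",
    P + "rbac.prefix": P + "rbac.ldap.tag.dept.regex.find",
    P + "rbac.tag": P + "rbac.ldap.tags",
    P + "rbac.user.operations.enabled": P + "ngui.user.mode",
}
# Read-only admin property for each login mode (step 2).
READONLY = {m: P + "login.admins." + ("" if m == "open" else m + ".") + "readonly" for m in MODES}

def parse_properties(text):
    """Parse plain key=value lines; '#' and '!' start comments (assumed format)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings for the RBAC settings described on this page."""
    props, findings = parse_properties(text), []
    mode = props.get(P + "login.mode")
    if mode not in MODES:
        findings.append(f"login.mode is {mode!r}; expected one of {MODES}")
    if props.get(P + "rbac.enabled") != "true":
        findings.append("rbac.enabled is not true")
    for old, new in LEGACY.items():
        if old in props:
            findings.append(f"4.3 property {old} present; replacement (ldap form): {new}")
    for m, key in READONLY.items():
        if m != mode and key in props:
            findings.append(f"{key} is set but login.mode is {mode}")
    other = {"ldap": "saml", "saml": "ldap"}.get(mode)
    for key in props:
        if other and key.startswith(f"{P}rbac.{other}."):
            findings.append(f"{key} uses {other} but login.mode is {mode}")
    return findings

# Constructed sample: a 4.3 file only partly migrated to login.mode=saml.
SAMPLE = """\
com.unraveldata.login.mode=saml
com.unraveldata.rbac.prefix=dept-
com.unraveldata.rbac.ldap.tags=dept
com.unraveldata.login.admins.ldap.readonly=user1,user2
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To check a real installation, pass the contents of /usr/local/unravel/etc/unravel.properties to `lint()` and review each finding before restarting the service.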