- Home
- Unravel 4.6.2.1 Documentation
- User guide
- Advanced topics
- Unravel properties
- Role Based Access Control (RBAC)
Role Based Access Control (RBAC)
See RBAC configuration.
RBAC is reliant upon the tagging; if you are not familiar with the concept or how it is used see What is tagging.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.rbac.enabled Enables Role-Based Access Control.
| boolean | true | |
com.unraveldata.rbac.default Determines how end-users views are filtered when no specific tags are set.
| Optional | set member | - |
com.unraveldata.rbac.tagcmd The command to get the list of LDAP groups for a user. | string | /usr/local/unravel/etc/apptag.py | |
com.unraveldata.ngui.user.mode Determines the UI pages the end-user can access when RBAC is enabled. Value:
| string | extended |
Define these properties if com.unraveldata.login.mode=ldap. See LDAP properties for defining LDAP admins and read-only admins.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.rbac.ldap.tags A comma-separated list of the tags. For example, proj, dept. | Optional | CLS | - |
com.unraveldata.rbac.ldap.tag. Defines regular expression used to extract a tag_value for a given tag_key. For example: com.unraveldata.rbac.ldap.tag.PROJECT.regex.find=ORG-(.*)-COM Note: The LDAP group is processed until a match is found. If you have defined more than one group in your definition only the first group pre is processed and the remaining groups are ignored. The best practice is to define each tag_value tag in its LDAP group. | Optional | CLS | - |
Define these properties if com.unraveldata.login.mode=saml. See SAML properties for defining SAML admins and read-only admins.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.rbac.saml.tags A comma-separated list of tags. For example: proj, dept. | Optional | CLS | - |
com.unraveldata.rbac.saml.tag. Defines a regular expression to extract a tag_value for a given tag_key. For example: com.unraveldata.rbac.ldap.tag.PROJECT.regex.find=ORG-(.*)-COM Note: The SAML group is processed until a match is found. If you have defined more than one group in your definition, only the first group pre is processed, with the remaining ignored. The best practice is to define each tag_value tag in its LDAP group. | Optional | CLS | - |