Example RBAC configurations
Admins and read-only admins are always exempt from RBAC restrictions. To use RBAC, set these properties:
com.unraveldata.rbac.enabled=true
com.unraveldata.ngui.user.mode=[extended | restricted]
com.unraveldata.login.admins[.readyonly] are irrelevant if mode is LDAP or SAML.
[empty]
Note
In the examples below use LDAP, for SAML just substitute saml for ldap. Replace your local values for text
.
Set admin access
To set admin and not read-only admin access, set and comment out:
com.unraveldata.login.admins=L772417,K228680 #com.unraveldata.login.admins.readonly=
For LDAP or SAML, set and comment out:
com.unraveldata.login.mode=LDAP com.unraveldata.login.admins.ldap.groups=LDAP_Users,,,, #com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users,,,,
Set only read-only admin access
To set only read-only admin access, set and comment out:
com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680 #com.unraveldata.login.admins=L772417,K22868
For LDAP or SAML, set and comment out:
com.unraveldata.login.mode=LDAP com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users
,,,,, #com.unraveldata.login.admins.ldap.groups=LDAP_Users
Set admin and read-only admin access
For admin and read-only admin access, set:
com.unraveldata.login.admins=L772417,K228680 com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680
For LDAP or SAML set:
com.unraveldata.login.mode=LDAP com.unraveldata.login.admins.readonly.ldap.groups=LDAP_Users
,,,, com.unraveldata.login.admins.ldap.groups=LDAP_Users
Exempt select end-users from RBAC
To exempt end-users from RBAC add them to the read-only admin property:
com.unraveldata.login.admins.readonly=RO-L772417,RO-K228680
For LDAP or SAML add them to:
com.unraveldata.login.admins.ldap.groups=LDAP_Users