RBAC UI
Note
If com.unraveldata.login.mode is set to LDAP or SAML, you can only toggle the RBAC Access status.
The tags used for RBAC end-users must also be loaded as Application and Workflows tags. If they are not, the pages are filtered only on com.unraveldata.rbac.default. (See RBAC Configuration.)
Go to Manage | Role Manager to access the Role Manager.
The RBAC default is set via com.unraveldata.rbac.enabled. You can toggle the status of RBAC; however, when the Unravel daemon is restarted RBAC resets.
If you are not using LDAP/SAML login mode, you can add filters for specific end-users.
Any end-user roles you have previously set are displayed. If the Unravel daemon was restarted after you added end-user roles the entries are lost. You can add end-users one at a time via Add New Role. To add multiple users at a time create and upload a
csv
file.Adding roles.
You limit end-user access through tags. In the example below only two tags are available, project and tenant. If a 3rd tag, department, had been defined it would be available. The end-user filters between the red brackets were loaded using a .
csv
fileClicking on Add New Role adds a row to the Roles table containing text boxes (1). You must define the User and at least one tag restriction. To add multiple tag names under a tag type separate the tag names with commas, be sure the string contains no spaces or special characters. To save the entry click . Click to delete your entry click without saving it.
Adding one or more roles via a role file
Click on Select role file to choose the .
csv
file. The format of a .csv
is:first row is a header row defining the columns tags:
user,
tagKey[,tagKey]*
tagKey
: is a valid tag key, i.e., department, tenant.
one or more rows defining user and tag values:
user,
tagValue[,tagValue]*
tagValue
: is empty, a valid tag value fortagKey
, ortagString
,tagString
: is a series oftagValues
separated by commas and enclosed in quotes, and*: means zero or more
Note:
The file must define at least one
tagKey
, one user and onetagValue
for theuser
.After you add your last
tagValue
you can leave the rest of the row blank. See the userNew filter in the CSV file below for an example.tagValues
must be ordered as defined in the header row.No special characters or spaces are allowed in file.
The CSV file below was used to load filters within the red brackets.
user,project,tenant user72,"group1,group2",mm user25,,"3n,3m" userNew,groupNew user33,"group3,group2","3m,mm"
Editing or deleting roles.
To edit a role, click the edit glyph (). You can add or delete tags, but not edit the end-user's name.
To delete a role, click the delete glyph.
Effect of RBAC control
End-user's access with RBAC turned off
The user has access to all the Unravel UI features and all applications.
End-user's access with RBAC turned on.
The user only has access to their applications or those matching their tags.