RBAC UI

Note

If com.unraveldata.login.mode is set to LDAP or SAML, you can only toggle the RBAC Access status.

The tags used for RBAC end-users must also be loaded as Application and Workflows tags. If they are not, the pages are filtered only on com.unraveldata.rbac.default. (See RBAC Configuration.)

  1. Go to Manage | Role Manager to access the Role Manager.

    The RBAC default is set via com.unraveldata.rbac.enabled. You can toggle the status of RBAC; however, when the Unravel daemon is restarted, RBAC resets.

    RBAC-Disabled.png
  2. If you are not using LDAP/SAML login mode, you can add filters for specific end-users.

    Any end-user roles you have previously set are displayed. If the Unravel daemon was restarted after you added end-user roles, the entries are lost. You can add end-users one at a time via Add New Role. To add multiple users at a time, create and upload a .csv file.

    RBAC-Adding Roles.png
  3. Adding roles.

    You limit end-user access through tags. In the example below only two tags are available, project and tenant. If a third tag, department, had been defined, it would be available. The end-user filters between the red brackets were loaded using a .csv file.

    RBAC-ExampleWithLoadByCSV.png

    Clicking on Add New Role adds a row to the Roles table containing text boxes (1). You must define the User and at least one tag restriction. To add multiple tag names under a tag type, separate the tag names with commas; be sure the string contains no spaces or special characters. To save the entry, click the save icon (saveDisk.png). To discard your entry without saving it, click the close icon (closeCross.png).

    Adding one or more roles via a role file

    Click on Select role file to choose the .csv file. The format of a .csv is:

    The first row is a header row defining the column tags: user,tagKey[,tagKey]*

    • tagKey: is a valid tag key, e.g., department, tenant.

    It is followed by one or more rows defining the user and tag values: user,tagValue[,tagValue]*

    • tagValue: is empty, a valid tag value for tagKey, or tagString,

    • tagString: is a series of tagValues separated by commas and enclosed in quotes, and

    • *: means zero or more

    Note:

    The file must define at least one tagKey, one user and one tagValue for the user.

    After you add your last tagValue you can leave the rest of the row blank. See the userNew filter in the CSV file below for an example.

    tagValues must be ordered as defined in the header row.

    No special characters or spaces are allowed in the file.

    The CSV file below was used to load filters within the red brackets.

    user,project,tenant
    user72,"group1,group2",mm
    user25,,"3n,3m"
    userNew,groupNew
    user33,"group3,group2","3m,mm"
    
  4. Editing or deleting roles.

    To edit a role, click the edit glyph (Edit.png). You can add or delete tags, but not edit the end-user's name.

    To delete a role, click the delete glyph.
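
A pre-upload check for the role file format described in step 3, as an added example that is not part of the Unravel documentation or product code. The function name `parse_role_file` is hypothetical, and the allowed character set (letters, digits, `_` and `-`) is an assumption, because the page does not define "special characters".

```python
import csv
import io
import re

# Assumption: "no special characters or spaces" means letters, digits, "_" and "-".
TOKEN = re.compile(r"[A-Za-z0-9_-]+")

def parse_role_file(text):
    """Parse a role CSV; return ({user: {tagKey: [tagValue, ...]}}, [errors])."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if not header:
        return {}, ["file is empty"]
    keys, roles, errors = header[1:], {}, []
    if header[0] != "user" or not keys:
        errors.append("line 1: header must be user,tagKey[,tagKey]*")
    errors += [f"line 1: invalid tagKey {k!r}" for k in keys if not TOKEN.fullmatch(k)]
    for row in reader:
        n = reader.line_num
        if not row:
            continue  # skip blank lines
        user, fields = row[0], row[1:]
        if not TOKEN.fullmatch(user):
            errors.append(f"line {n}: invalid user {user!r}")
            continue
        if len(fields) > len(keys):
            errors.append(f"line {n}: more tagValues than tagKeys in the header")
            continue
        tags, row_ok = {}, True
        # zip() stops at the shorter list, so omitted trailing columns are allowed.
        for key, field in zip(keys, fields):
            if field == "":
                continue  # empty tagValue: nothing defined for this tagKey
            names = field.split(",")  # a quoted tagString holds several tagValues
            if all(TOKEN.fullmatch(v) for v in names):
                tags[key] = names
            else:
                errors.append(f"line {n}: invalid tagValue in {field!r} for {key}")
                row_ok = False
        if row_ok and not tags:
            errors.append(f"line {n}: user {user!r} has no tagValue")
        elif row_ok:
            roles[user] = tags
    return roles, errors

# The sample role file from this page, one row per line.
SAMPLE = ('user,project,tenant\nuser72,"group1,group2",mm\nuser25,,"3n,3m"\n'
          'userNew,groupNew\nuser33,"group3,group2","3m,mm"\n')
```

A row that produces an error is left out of the returned mapping, so a file should be uploaded only when the error list is empty.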

Effect of RBAC control
End-user's access with RBAC turned off

The user has access to all the Unravel UI features and all applications.

RBAC-OffEnduserView.png
RBAC-OffApplication.png
End-user's access with RBAC turned on

The user only has access to their applications or those matching their tags.

4.3 RBAC feature guide.png