Skip to main content

Home

Configuring RBAC Tags

RBAC uses tags for data filtering. You can use the tag values in Fields and Query data filters via a substitute tag keyword $tags.<tag_name>. Also, refer to Substitute tokens.

You can configure the tags available for users with properties or a user tagging script. If both are present, tags and tag values are calculated for the user in both ways and merged.

If you are unfamiliar with the concept of tagging, refer to What is tagging?.

Configure RBAC tags via properties
  1. From the installation directory, run the following command to set the tags.

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.login.tags "<tag1>, <tag2>"

    In <tag> , you must specify the tag you want to configure.

  2. Set the regex expression for each tag. The regex expression assigns the tag to the user with values that match the user's groups.

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.login.tag.<tag>.regex.find "<regex>"

    In <tag>, specify the tag to assign for the users.

    In <regex>, specify the regex, which gets the tag values by matching the user's groups.

    For example:

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.login.tag.tag1.regex.find "auto-(.*)"
  3. Stop Unravel, apply the changes, and start Unravel.

    <Unravel installation directory>/unravel/manager stop then config apply then start
    
Configure RBAC tags via the User Tagging script

A script that a customer can configure is used to get the tags for each user. You can find the script file at any of the following locations:

  • <Unravel installation directory>/unravel/data/conf/rbac_get_tags.js

  • <Unravel installation directory>/unravel/conf/rbac_get_tags.js

If you have an input file for the script, it is recommended to place that input file in the same directory as the script.

Following is a sample of the User Tagging script file and the corresponding input files associated with the script file.

Sample
  • Input file

    Input file: rbac_queues_groups.csv

    Input file path: /opt/unravel/conf/rbac_queues_groups.csv

    Queue Names;Group Name
    ala;ux-rg-bd-scealadlbiro-dev
    bda;ux-rg-bd-bigdataadmins
    root.users.user6;dummy-groups06,dummy-group12
    root.users.user7;dummy-group12
    
  • User Tagging script file

    Script file: rbac_get_tags.js

    Script file path: /opt/unravel/conf/rbac_get_tags.js

    const fs = require('fs');
    const path = require('path');
    
    const CSV_FILE_NAME = 'rbac_queues_groups.csv';
    const CSV_FILE_PATH = path.join(__dirname, CSV_FILE_NAME);
    
    function union(arr1, arr2) {
      const arr = [];
      const obj = {};
    
      for (let i = 0; i < arr1.length; i += 1) {
        arr.push(arr1[i]);
        obj[arr1[i]] = true;
      }
     
      for (let i = 0; i < arr2.length; i += 1) {
        if (!obj[arr2[i]]) {
          arr.push(arr2[i]);
        }
      }
    
      return arr;
    }
    
    function getGroupsQueuesMap() {
      let fd;
      const groupsQueuesMap = {};
    
      try {
        fd = fs.openSync(CSV_FILE_PATH, 'r');
      } catch (err) {
        console.error(
          'RBAC : could not open rbac_queues_groups.csv file; file path =',
          CSV_FILE_PATH
        );
        console.error(err);
        return {};
      }
    
      try {
        const txt = fs.readFileSync(fd, 'utf-8');
    
        if (typeof txt === 'string' && txt.length > 0) {
          const lines = txt.trim().split(/\r?\n/);
    
          for (let i = 1; i < lines.length; i += 1) {
            const line = lines[i];
            const queuesGroups = line.split(';');
            const queues = queuesGroups[0].split(',');
            const groups = queuesGroups[1].split(',');
            const formattedQueues = [];
            const formattedGroups = [];
    
            for (let j = 0; j < queues.length; j += 1) {
              const formattedQueue = queues[j].trim().toLowerCase();
    
              if (formattedQueue) {
                formattedQueues.push(formattedQueue);
              }
            }
    
            for (let j = 0; j < groups.length; j += 1) {
              const formattedGroup = groups[j].trim().toLowerCase();
    
              if (formattedGroup) {
                formattedGroups.push(formattedGroup);
              }
            }
            for (let j = 0; j < formattedGroups.length; j += 1) {
              const formattedGroup = formattedGroups[j];
    
              if (groupsQueuesMap[formattedGroup]) {
                groupsQueuesMap[formattedGroup] = union(
                  groupsQueuesMap[formattedGroup],
                  formattedQueues
                );
              } else {
                groupsQueuesMap[formattedGroup] = formattedQueues;
              }
            }
          }
        }
    
        return groupsQueuesMap;
      } catch (err) {
        console.error('RBAC : could not create Groups Queues Map.');
        console.error(err);
        return {};
      } finally {
        fs.closeSync(fd);
      }
    }
    
    const groupsQueuesMap = getGroupsQueuesMap();
    
    console.log('RBAC : Groups Queues Map -', JSON.stringify(groupsQueuesMap));
    
    function getTags(username, userGroups) {
      const tags = {};
    
      if (
        Object.keys(groupsFIdsMap).length === 0
        || !Array.isArray(userGroups)
        || userGroups.length === 0
      ) {
        return tags;
      }
      let rbac_queue = [];
    
      for (let i = 0; i < userGroups.length; i += 1) {
        const userGroup = userGroups[i].toLowerCase();
        const queues = groupsQueuesMap[userGroup];
    
        if (queues && queues.length > 0) {
          rbac_queue = union(rbac_queue, queues);
        }
      }
    
      if (rbac_queue.length > 0) {
        tags.rbac_queue = rbac_queue;
      }
    
      return tags;
    }
    
    module.exports = getTags;