Mapping Users to Roles
Depending on the authentication or user management mechanism used, the role that a user should have is specified and then mapped to a group set in Streams.properties.
| Property | Description | Default Value |
| --- | --- | --- |
| access.administrator.groups | The role that is mapped to the administrator group. Allowed to perform the following: · connect to or disconnect from the CEP Engine. · create, rename, remove folders and subfolders, upload applications or data sources, and manage users or groups that should be granted or denied access. · import and export application bundles. · rename, view topic or data source usage, move, copy, download, remove, and publish/republish applications to folders to which the user has permission. · rename, view application usage, move, copy, download, and remove data sources. · administer the server, which includes: refresh, start, and stop data producers; view engine metrics and retrieved messages; add, modify, refresh, and delete parameters; define file logging level or view, pause, resume logging, copy, and clear all logs; view Kafka properties. | admin |
| access.default.roles | The default roles applied to all users of the server. For example, if access.default.roles=DESIGNER,ADMINISTRATOR and a user with a VIEWER role logs on to the server, then the user will simultaneously have the VIEWER, DESIGNER, and ADMINISTRATOR roles. If no default roles are wanted, leave the property blank. NOTE: The roles that can be assigned in this property can only be ADMINISTRATOR, VIEWER, ANONYMOUS, and/or DESIGNER. This property is case sensitive. | VIEWER |
| access.designer.groups | The role that is mapped to the designer group. Allowed to perform the following: · import and export application bundles. · create, rename, remove folders and subfolders, upload applications or data sources, and manage users or groups that should be granted or denied access. · create, rename, view topic or data source usage, move, copy, download, remove, and publish/republish applications to folders to which the user has permission. · create, rename, view application usage, move, copy, download, and remove data sources. | designer |
| access.viewer.groups | The role that is assigned to the viewer group. Allowed to view the engine status. | viewer |
NOTE: Group sets can be added for a role, by default separated by a comma.
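The role resolution described in the table, as an added example that is not part of the product or its documentation: a Python audit that reads Streams.properties-style text, computes the roles a user ends up with, and flags default roles that grant every user more than VIEWER. The simplified key=value parsing, exact group-name matching, and all function names are assumptions.

```python
# Added example (not product code): audit role mapping in Streams.properties text.
ALLOWED_ROLES = {"ADMINISTRATOR", "VIEWER", "ANONYMOUS", "DESIGNER"}
DEFAULTS = {  # default values from the table on this page
    "access.administrator.groups": "admin",
    "access.default.roles": "VIEWER",
    "access.designer.groups": "designer",
    "access.viewer.groups": "viewer",
}
ROLE_KEYS = {
    "ADMINISTRATOR": "access.administrator.groups",
    "DESIGNER": "access.designer.groups",
    "VIEWER": "access.viewer.groups",
}

def parse_properties(text):
    """Assumption: simple key=value lines; '#' and '!' start comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def effective_roles(props, user_groups):
    """Roles from group membership plus access.default.roles (exact match assumed)."""
    groups = set(user_groups)
    roles = {r for r, key in ROLE_KEYS.items() if groups & set(split_list(props[key]))}
    # Unrecognised default role names are skipped here and reported by audit().
    return roles | (set(split_list(props["access.default.roles"])) & ALLOWED_ROLES)

def audit(props):
    findings = []
    for role in split_list(props["access.default.roles"]):
        if role not in ALLOWED_ROLES:
            findings.append(f"unrecognised default role {role!r} (names are case sensitive)")
        elif role in ("ADMINISTRATOR", "DESIGNER"):
            findings.append(f"every user receives {role} through access.default.roles")
    return findings

SAMPLE = "access.default.roles=DESIGNER,ADMINISTRATOR\n"  # constructed sample input

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(sorted(effective_roles(props, ["viewer"])))
    print("\n".join(audit(props)))
```

With the constructed sample, a user whose only group is `viewer` resolves to all three roles, which is the case the access.default.roles description warns about.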