

Using Role Based Access Control

RBAC is the CA AppLogic® Role Based Access Control system. It provides granular control over which users can perform specific actions on designated objects in a grid. The general purpose of RBAC is to allow many users to work on a single grid without overwriting another user's work. RBAC is not intended to provide true multi-tenancy. For example, all users can view the list of all applications (object name spaces are not segregated). For information on configuring RBAC for your grids, see Configuring Grid Authentication in the BFC User Guide.

RBAC supports both users and groups for the purpose of authorizing a user action. Groups may include users or other groups as members. Users and groups that are specific to a particular grid can be created using the CA AppLogic® Command Line Interface. User and group information is maintained in a directory service (OpenLDAP) that is installed on the grid controller.

RBAC also supports the optional use of an external directory service such as Active Directory. In this case, user and group information is obtained from the external directory service when a user authenticates using this service. CA AppLogic® refers to users and groups that are specific to a grid as local. Users and groups that are maintained in an external directory service are referred to as global. The respective directory services are also distinguished as local or global. A grid may be accessed by both local and global users.

There are two pre-defined local groups: all and admin. The local group all implicitly includes all users. The local group admin is granted grid_administrator access level rights on the grid Access Control List (ACL) by default. For more information about ACL, see Managing Access to Objects.

Note: RBAC does not eliminate maintainer access to a grid. Operations performed by a maintainer are not subject to authorization.

This section contains the following topics:

RBAC Overview

CLI User Authentication

Managing Users

Managing Local Groups

Managing Access to Objects

Global Users and Groups