RBAC is the CA AppLogic for System z® Role-Based Access Control system. It provides granular control over which users can perform specific actions on designated objects in a grid. The general purpose of RBAC is to allow many users to work on a single grid without overwriting another user's work. RBAC is not intended to provide true multi-tenancy. For example, all users can view the list of all applications (object name spaces are not segregated). For information on configuring RBAC for your grids, see Configuring Authentication in the Backbone Fabric Controller User Guide.
RBAC supports both users and groups for the purpose of authorizing a user action. Groups may include users or other groups as members. Users and groups that are specific to a particular grid can be created using the CA AppLogic for System z® Command Line Interface. User and group information is maintained in a directory service (OpenLDAP) that is installed on the grid controller.
AppLogic 3.0, the non-System z product, supports the optional use of an external directory service such as Active Directory. Users and groups defined in such a directory are termed "global" users and "global" groups. CA AppLogic for System z® does not support global directories. However, for clarity and to keep the command syntax similar, all users and groups on CA AppLogic for System z® are referred to as "local".
There are two pre-defined local groups: all and admin. The local group all implicitly includes all users. The local group admin is granted grid_administrator access level rights on the grid Access Control List (ACL) by default. For more information about ACL, see Managing Access to Objects.
Note: RBAC does not eliminate maintainer access to a grid. Operations performed by a maintainer are not subject to authorization.
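The nested group membership and the two pre-defined groups described above determine who effectively holds an access level on an ACL. The following is an added example, not CA AppLogic code: a simplified model that lists which users reach grid_administrator through group nesting. The data layout, the user names and the `ops` and `oncall` groups are constructed for illustration.

```python
# Added illustration: a simplified model of nested-group resolution, not AppLogic code.
# The group names "all" and "admin" and the level "grid_administrator" come from the
# page; every other name and the data layout are constructed for this example.
# Maintainer operations are not subject to authorization and are not modeled here.

def effective_groups(user, groups):
    """Return every group `user` belongs to, directly or through nested groups."""
    found = {"all"}                      # "all" implicitly includes all users
    frontier = [user, "all"]             # also follow groups that contain "all"
    while frontier:
        member = frontier.pop()
        for name, members in groups.items():
            if member in members and name not in found:
                found.add(name)          # visited check also stops group cycles
                frontier.append(name)    # a group can itself be a member of a group
    return found


def users_with_level(level, acl, users, groups):
    """Map each user holding `level` to the ACL principals that grant it."""
    holders = {}
    for user in users:
        principals = {user} | effective_groups(user, groups)
        via = sorted(p for p in principals if acl.get(p) == level)
        if via:
            holders[user] = via
    return holders


# Constructed sample directory: ops is nested in admin, and ops/oncall form a cycle.
USERS = ["alice", "bob", "carol", "dave"]
GROUPS = {
    "admin": {"alice", "ops"},
    "ops": {"bob", "oncall"},
    "oncall": {"carol", "ops"},
}
# Default grid ACL entry described on the page: admin -> grid_administrator.
GRID_ACL = {"admin": "grid_administrator"}

if __name__ == "__main__":
    report = users_with_level("grid_administrator", GRID_ACL, USERS, GROUPS)
    for user, via in report.items():
        print(f"{user}: grid_administrator via {via}")
```

In this sample, carol is only a direct member of `oncall`, yet she reaches grid_administrator because `oncall` is nested in `ops`, which is nested in `admin`.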
Copyright © 2013 CA.
All rights reserved.