Authorization Roles Configuration Parameters

The [AuthorizationRoles] section contains definitions for roles that enable particular sets of actions for particular clients, SSL identities, and GSS principals.

You must create a subsection for each authorization role that you define in the [AuthorizationRoles] configuration section.

This configuration provides more flexible configuration for user authorization and permissions than AdminClients, QueryClients, and so on. You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions and ServiceActions that you want the role to be able to use. You define the users that belong to a particular role by using Clients, GSSPrincipals, and SSLIdentities.

If a connection matches one of the allowed clients, principals, or SSL identities, they have permission to perform the operations allowed by the role.

For example:

[AuthorizationRoles]
0=AdminRole
1=IDOLUserRole
2=StatusOnlyRole

[AdminRole]
StandardRoles=Admin,ServiceControl
Clients=localhost
SSLIdentities=admin.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM

[IDOLRole]
StandardRoles=User,ServiceStatus
SSLIdentities=admin.example.com,userserver.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM,CONTENT02/userserver.example.com@EXAMPLE.COM

[StatusOnlyRole]
ServiceActions=GetStatus
SSLIdentities=general.example.com

You can use the ShowPermissions action to check the permissions for a user.

N

My Authorization Role


_HP_HTML5_bannerTitle.htm