Configure Client Authorization

You can configure Distributed Index Handler to authorize different operations for different connections.

Authorization roles define a set of operations for a set of users. You define the operations by using the StandardRoles configuration parameter, or by explicitly defining a list of allowed actions in the Actions and ServiceActions parameters. You define the authorized users by using a client IP address, SSL identities, and GSS principals, depending on your security and system configuration.

For more information about the available parameters, see the Distributed Index Handler Reference.

To configure authorization roles

  1. Open your configuration file in a text editor.

  2. Find the [AuthorizationRoles] section, or create one if it does not exist.

  3. In the [AuthorizationRoles] section, list the user authorization roles that you want to create. For example:

    [AuthorizationRoles]
    0=AdminRole
    1=UserRole
  4. Create a section for each authorization role that you listed. The section name must match the name that you set in the [AuthorizationRoles] list. For example:

    [AdminRole]
  5. In the section for each role, define the operations that you want the role to be able to perform. You can set StandardRoles to a list of appropriate values, or specify an explicit list of allowed actions by using Actions, and ServiceActions. For example:

    [AdminRole]
    StandardRoles=Admin,ServiceControl,ServiceStatus
    
    [UserRole]
    Actions=GetVersion
    ServiceActions=GetStatus
    NOTE:

    The standard roles do not overlap. If you want a particular role to be able to perform all actions, you must include all the standard roles, or ensure that the clients, SSL identities, and so on, are assigned to all relevant roles.

  6. In the section for each role, define the access permissions for the role, by setting Clients, SSLIdentities, and GSSPrincipals, as appropriate. If an incoming connection matches one of the allowed clients, principals, or SSL identities, the user has permission to perform the operations allowed by the role. For example:

    [AdminRole]
    StandardRoles=Admin,ServiceControl,ServiceStatus
    Clients=localhost
    SSLIdentities=admin.example.com
  7. Save and close the configuration file.

  8. Restart Distributed Index Handler for your changes to take effect.


_HP_HTML5_bannerTitle.htm