My Authorization Role Configuration Parameters

The individual authorization role sections contain settings that define the authorization role.

You must create a subsection for each authorization role that you define in the [AuthorizationRoles] configuration section.

This configuration provides more flexible configuration for user authorization and permissions than AdminClients, QueryClients, and so on. You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions, IndexActions, and ServiceActions that you want the role to be able to use. You define the users that belong to a particular role by using Clients, GSSPrincipals, and SSLIdentities.

If a connection matches one of the allowed clients, principals, or SSL identities, they have permission to perform the operations allowed by the role.

For example:

[AuthorizationRoles]
0=AdminRole
1=IDOLUserRole
2=StatusOnlyRole

[AdminRole]
StandardRoles=Admin,Index,ServiceControl
Clients=localhost
SSLIdentities=admin.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM

[IDOLRole]
StandardRoles=User,ServiceStatus
SSLIdentities=admin.example.com,userserver.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM,CONTENT02/userserver.example.com@EXAMPLE.COM

[StatusOnlyRole]
ServiceActions=GetStatus
SSLIdentities=general.example.com

You can use the ShowPermissions action to check the permissions for a user.

Actions

Clients

GSSPrincipals

IndexActions

ServiceActions

SSLIdentities

StandardRoles


_HP_HTML5_bannerTitle.htm