Open topic with navigation
You can configure Query Manipulation Server to authorize different operations for different connections.
Authorization roles define a set of operations for a set of users. You define the operations by using the
StandardRoles configuration parameter, or by explicitly defining a list of allowed actions in the
ServiceActions parameters. You define the authorized users by using a client IP address, SSL identities, and GSS principals, depending on your security and system configuration.
For more information about the available parameters, see the Query Manipulation Server Reference.
To configure authorization roles
Open your configuration file in a text editor.
[AuthorizationRoles] section, or create one if it does not exist.
[AuthorizationRoles] section, list the user authorization roles that you want to create. For example:
[AuthorizationRoles] 0=AdminRole 1=UserRole
Create a section for each authorization role that you listed. The section name must match the name that you set in the
[AuthorizationRoles] list. For example:
In the section for each role, define the operations that you want the role to be able to perform. You can set
StandardRoles to a list of appropriate values, or specify an explicit list of allowed actions by using
ServiceActions. For example:
[AdminRole] StandardRoles=Admin,ServiceControl,ServiceStatus [UserRole] Actions=GetVersion ServiceActions=GetStatus
The standard roles do not overlap. If you want a particular role to be able to perform all actions, you must include all the standard roles, or ensure that the clients, SSL identities, and so on, are assigned to all relevant roles.
In the section for each role, define the access permissions for the role, by setting
GSSPrincipals, as appropriate. If an incoming connection matches one of the allowed clients, principals, or SSL identities, the user has permission to perform the operations allowed by the role. For example:
[AdminRole] StandardRoles=Admin,ServiceControl,ServiceStatus Clients=localhost SSLIdentities=admin.example.com
Save and close the configuration file.
Restart Query Manipulation Server for your changes to take effect.