IBM© DataPower Operations Dashboard v1.0.5.0

A newer version of this product documentation is available.


DPOD uses role-based access control (RBAC) to restrict each user's access to the information available through the system.

Registries

DPOD supports two types of authentication and authorization registries. An installation may choose to use either LDAP or DPOD's internal database registry. For ease of use, DPOD uses its internal database registry by default. Note however that it should only be used for non-production environments or during an evaluation process of DPOD.

For production environments, it is highly recommended to use the LDAP registry.

Users and Groups

Managing Users and Groups in DPOD's Default Database Registry

  • Users are managed under [Manage → System → Users].

  • Groups are managed under [Manage → System → Groups].

Users may be members of several groups.
For more information, read the Users and Security Groups sections under Security Management.

Managing users & groups in LDAP

The LDAP configuration procedure is described in Working With LDAP. Follow that procedure to enable the LDAP registry as DPOD's users and groups registry.

When LDAP is enabled, users and groups are managed in the LDAP registry only.

Product Roles

Built-in roles

Built-in roles are hard-coded, system-provisioned roles that limit access to certain pages of DPOD's Web Console.

Each user must be assigned at least one built-in role, or they will not be able to log in to the console. It is up to the administrator to decide whether to assign a built-in role directly to the user or to provide the built-in role(s) through group membership.

The built-in roles are available for viewing only on the [Manage → System → Roles] page (as described in Security Roles). Each built-in role can be linked to users or groups.

The table below lists the available built-in roles:

| Role Name | Description |
|---|---|
| OpDashAdminRole | Built-in Administrator role. Provides full access. |
| OpDashPowerUserRole | Built-in Power User role. Allows access to Dashboards, Investigate, Explore, Reports execution and viewing services configuration. |
| OpDashOperatorRole | Built-in role for controllers. Allows access to Dashboards, Investigate and Explore views. |
| OpDashInvestigatorRole | Built-in role for investigators. Allows access to some of the Dashboards and Investigate views. |

Custom roles

Custom roles are optional, application-level roles managed by the administrators. They can be used to limit access to certain data, such as specific devices, domains, payload, etc.

Each custom role is configured with several permission directives that dictate the allowed or denied access to devices, domains, services etc.

A user does not have to be assigned custom roles. Users that are not assigned any custom roles have access to all the data in the system, as limited by their built-in role to certain pages of the Web Console.

The custom roles are accessed and managed using the [Manage → System → Roles] page (as described in Security Roles). Each custom role can be linked to users or groups.

Multiple Custom Roles

When a user has multiple custom roles with conflicting permissions, a negative value in any one of the roles takes precedence over the same setting in the other roles.

For example, a user has three roles:
  • The first role with "Allow Payload" = true
  • The second role with "Allow Payload" = true
  • The third role with "Allow Payload" = false

DPOD will set the user permission to "Allow Payload" = false.
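The rules on this page can be combined into a small audit helper that reviews exported role assignments. This is an added example, not DPOD code: the `User` model, the custom role and group names, and the sample data are hypothetical, and only the built-in role names and the "Allow Payload" setting come from the page. Settings that no linked role defines are left out of the result rather than guessed.

```python
from dataclasses import dataclass, field

# Built-in role names as listed in the table on this page.
BUILT_IN = {"OpDashAdminRole", "OpDashPowerUserRole",
            "OpDashOperatorRole", "OpDashInvestigatorRole"}

@dataclass
class User:  # hypothetical audit model, not DPOD's schema
    name: str
    roles: set = field(default_factory=set)    # roles linked directly to the user
    groups: set = field(default_factory=set)   # group memberships

def effective_access(user, group_roles, custom_roles):
    """group_roles: {group: {role names}}; custom_roles: {role: {setting: bool}}."""
    linked = set(user.roles)
    for g in user.groups:                        # roles inherited through groups
        linked |= group_roles.get(g, set())
    built_in = sorted(linked & BUILT_IN)
    custom = sorted(linked & set(custom_roles))
    settings = {}
    for role in custom:
        for key, allowed in custom_roles[role].items():
            # A negative value in any one role overrides the other roles.
            settings[key] = settings.get(key, True) and allowed
    return {"can_log_in": bool(built_in),        # needs at least one built-in role
            "built_in": built_in,
            "unrestricted_data": not custom,     # no custom role: all data visible
            "settings": settings}                # only settings some role defines

# Constructed sample data (names are made up for this example).
CUSTOM_ROLES = {"PayloadA": {"Allow Payload": True},
                "PayloadB": {"Allow Payload": True},
                "NoPayload": {"Allow Payload": False}}
GROUP_ROLES = {"ops": {"OpDashOperatorRole", "PayloadB"},
               "audit": {"NoPayload"}}
USERS = [User("alice", {"PayloadA"}, {"ops", "audit"}),
         User("bob", {"PayloadA"}),              # custom role but no built-in role
         User("carol", {"OpDashInvestigatorRole"})]

def audit(users=USERS):
    """Return the effective access summary for each user, keyed by name."""
    return {u.name: effective_access(u, GROUP_ROLES, CUSTOM_ROLES) for u in users}

if __name__ == "__main__":
    for name, result in audit().items():
        print(name, result)
```

In a review, `unrestricted_data` is the field to look at first: a user with a built-in role and no custom role sees all data that the role's pages expose.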

