Configuring LDAP Roles in the TIBCO BusinessEvents Rules Management Server (RMS).

Article ID: KB0093301

Products Versions
TIBCO BusinessEvents Enterprise Edition -
Not Applicable -

Description:
Configuring LDAP Roles in the TIBCO BusinessEvents Rules Management Server (RMS).
Symptoms:
N/A
Cause:
N/A

Resolution

For each RMS project, you need to set up an access control file. In the access control file, you group the project resources as desired, giving each group (or individual resource) an ID. You use these IDs to assign permissions to each user role.

Looking at the shipped CreditCardApplication project, the following three roles have access to the project (defined in the CreditCardApplication.ac file): Administrator, Business-User, Technical-User.

When using LDAP-based authentication, roles are defined and assigned to users in the LDAP directory. If you have the following configuration:

                <property name="be.auth.ldap.roleAttr" value="memberOf"/>

the memberOf attribute of the user's LDAP entry carries the role information. You have two options for configuring the role (assume we are logging in as the user Testuser):

1) With the current .ac file, modify Testuser in LDAP and set the memberOf attribute to one of the values Administrator, Business-User or Technical-User.

2) If Testuser has a different value for the memberOf attribute (memberOf = ITGroupAdministrator) and you want to assign permissions to this role, add permissions for this user role in the .ac file.
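The following Python check is an added example, not part of the TIBCO article or product code: it reads a user's memberOf values from an LDIF export and reports which ones match roles in the .ac file (option 1) and which would need new permission entries (option 2). The LDIF sample is constructed, the function names are hypothetical, and exact string comparison between the attribute value and the role name is an assumption.

```python
import base64

# Role names the article lists for CreditCardApplication.ac
AC_ROLES = {"Administrator", "Business-User", "Technical-User"}

# Constructed LDIF export of one user entry (not from a real directory).
# It includes a folded line and a base64 ("::") value, both legal in LDIF.
SAMPLE_LDIF = """\
dn: uid=Testuser,ou=people,dc=example,dc=com
uid: Testuser
memberOf: Business-User
memberOf: ITGroup
 Administrator
memberOf:: VGVjaG5pY2FsLVVzZXI=
"""

def role_values(ldif, role_attr="memberOf"):
    """Return every value of role_attr found in a single-entry LDIF text."""
    # Unfold: a line starting with one space continues the previous line.
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        # LDAP attribute names are case-insensitive.
        if not sep or name.strip().lower() != role_attr.lower():
            continue
        if rest.startswith(":"):  # "attr:: <base64-encoded value>"
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def check_roles(ldif, ac_roles, role_attr="memberOf"):
    """Split a user's role values into those with and without .ac entries.

    Assumption: a value maps to a role only on an exact string match.
    """
    values = role_values(ldif, role_attr)
    mapped = [v for v in values if v in ac_roles]
    unmapped = [v for v in values if v not in ac_roles]
    return mapped, unmapped

if __name__ == "__main__":
    mapped, unmapped = check_roles(SAMPLE_LDIF, AC_ROLES)
    print("roles with permissions in the .ac file:", mapped)
    print("roles with no .ac entry:", unmapped)
```

Pass the value configured in be.auth.ldap.roleAttr as role_attr if it is not memberOf.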

Additional Information

Chapter 11, Access Control for a Project, in the BusinessEvents 5.1.1 Administration Guide.