MCに組み込まれたユーザ権限を編集する方法

フォローする

MCのユーザ権限を設定する方法は、MCにデフォルトで用意されている設定ファイルによるものと、LDAP認証を用いてそちら側で設定する方法の2種類が存在します。

MCにデフォルトで用意されている設定ファイルの編集は保証の対象外ではありますが、MCをTomcat構築する場合には、Tomcat上に配置するMCの設定ファイル(WEB-INFフォルダ内)を編集することにより既存のセキュリティグループの権限を編集したり、新たなセキュリティグループを追加することができます。

また、MCをTomcat構築しない場合であっても、以下の方法によりセキュリティグループを編集することが可能です。

デフォルトでMCが展開されるパス %LocalAppdata%\Kapow\{バージョン}\Temp\Root\WEB-INF
権限設定ファイル名 roles.xml

セキュリティグループ(ユーザ権限)の設定内容

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
 
    <!-- version of the file, used when upgrading from previous versions -->
    <bean class="com.kapowtech.scheduler.server.license.StringBasedVersion" id="rolesVersion">
        <property name="fullVersion" value="9.3.0"/>
    </bean>
    <!-- This file defines the list of application roles user can have.
    Roles are mapped to user of a security group, the users permissions are calculated based on the
     roles which are mapped to security groups of which the user is a member.
     You may modify or additional roles to fit your needs.
     -->
 
    <bean class="com.kapowtech.scheduler.client.auth.Roles" id="roles">
        <property name="roles">
            <list>
 
                <bean class="com.kapowtech.scheduler.client.auth.Role">
                    <property name="roleName" value="Administrator"/>
                    <property name="description" value="A role with all priveleges"/>
                    <property name="permissions">
                        <bean class="com.kapowtech.scheduler.client.auth.Permissions">
                            <property name="dashBoardPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.DashBoardPermissions">
                                    <property name="viewDashboard" value="true"/>
                                </bean>
                            </property>
                            <property name="schedulesTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.SchedulesTabPermissions">
                                    <property name="viewSchedules" value="true"/>
                                    <property name="editSchedules" value="true"/>
                                    <property name="deleteSchedule" value="true"/>
                                    <property name="startSchedules" value="true"/>
                                    <property name="stopSchedules" value="true"/>
                                </bean>
                            </property>
                            <property name="robotsTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.RobotsTabPermissions">
                                    <property name="viewRobots" value="true"/>
                                    <property name="addRobot" value="true"/>
                                    <property name="deleteRobot" value="true"/>
                                    <property name="downloadRobot" value="true"/>
                                    <property name="runRobot" value="true"/>
                                    <property name="generateAPICode" value="true"/>
                                </bean>
                            </property>
                            <property name="typesTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.TypesTabPermissions">
                                    <property name="viewTypes" value="true"/>
                                    <property name="addType" value="true"/>
                                    <property name="deleteType" value="true"/>
                                    <property name="downloadType" value="true"/>
                                </bean>
                            </property>
                            <property name="snippetsTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.SnippetsTabPermissions">
                                    <property name="viewSnippets" value="true"/>
                                    <property name="addSnippet" value="true"/>
                                    <property name="deleteSnippet" value="true"/>
                                    <property name="downloadSnippet" value="true"/>
                                </bean>
                            </property>
                            <property name="resourcesTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.ResourcesTabPermissions">
                                    <property name="viewResources" value="true"/>
                                    <property name="addResource" value="true"/>
                                    <property name="deleteResource" value="true"/>
                                    <property name="downloadResource" value="true"/>
                                </bean>
                            </property>
                            <property name="OAuthTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.OAuthTabPermissions">
                                    <property name="OAuthTab" value="true"/>
                                </bean>
                            </property>
                            <property name="dataViewPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.DataViewPermissions">
                                    <property name="viewData" value="true"/>
                                    <property name="deleteData" value="true"/>
                                    <property name="exportData" value="true"/>
                                </bean>
                            </property>
                            <property name="logTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.LogTabPermissions">
                                    <property name="viewScheduleRunLog" value="true"/>
                                    <property name="deleteScheduleRunLog" value="true"/>
                                    <property name="viewScheduleMessageLog" value="true"/>
                                    <property name="deleteScheduleMessageLog" value="true"/>
                                    <property name="viewServerLog" value="true"/>
                                    <property name="deleteServerMessage" value="true"/>
                                    <property name="viewRobotRunLog" value="true"/>
                                    <property name="deleteRobotRun" value="true"/>
                                    <property name="viewRobotMessageLog" value="true"/>
                                    <property name="deleteRobotMessage" value="true"/>
                                    <property name="viewRobotsLog" value="true"/>
                                    <property name="viewOrphanProjects" value="true"/>
                                </bean>
                            </property>
                            <property name="taskViewTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.TaskViewTabPermissions">
                                    <property name="viewTasks" value="true"/>
                                    <property name="stopTask" value="true"/>
                                </bean>
                            </property>
                            <property name="clustersAndSettingsTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.ClustersAndSettingsTabPermissions">
                                    <property name="view" value="true"/>
                                    <property name="modify" value="true"/>
                                </bean>
                            </property>
                            <property name="projectsTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.ProjectsTabPermissions">
                                    <property name="viewProjects" value="true"/>
                                    <property name="editProject" value="true"/>
                                    <property name="deleteProject" value="true"/>
                                </bean>
                            </property>
                            <property name="appPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.AppPermissions">
                                    <property name="kappletUser" value="true"/>
                                    <property name="kappletAdministrator" value="true"/>
                                </bean>
                            </property>
                            <property name="usersTabPermissions">
                                <bean class="com.kapowtech.scheduler.client.auth.UsersTabPermissions">
                                    <property name="view" value="true"/>
                                    <property name="modify" value="true"/>
                                </bean>
                            </property>
                        </bean>
                    </property>
                </bean>
                :
            </list>
        </property>
    </bean>
</beans>

上記太字の
<bean class="com.kapowtech.scheduler.client.auth.Roles" id="roles">
から
</bean>
の部分が各セキュリティグループごとの設定情報になります。

例えば、新たに「ロボットの実行(スケジュール、Kapplet)」と「実行中のロボット参照」「実行中のロボットのみ削除」可能なBizRoboUserというセキュリティグループを作成する場合には、以下のような設定情報(※)を、roles.xmlファイルに追加し、ファイルを保存します。(その後、MCの再起動によって反映)

※設定情報
<bean class="com.kapowtech.scheduler.client.auth.Role">
から
</bean>
の箇所になります。

なお、上記のように指定されていない propertyについては、falseとして認識されます。

0人中0人がこの記事が役に立ったと言っています

コメント

0件のコメント

ログインしてコメントを残してください。