Child pages
  • opCharts 3 Users & Roles (Authentication & Authorization)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: extended docs slightly to spell out oprbac_admin relative updates with += and -=

...

Code Block
Usage: oprbac_admin.pl act=[action to take] [extras...]

oprbac_admin.pl act=list-{users|roles|privs|objects} [verbose=0]
verbose: include data beyond name and description

oprbac_admin.pl act=export-{user|role|priv|object} {name=...|path=...} [file=path]
file: save JSON to file, otherwise printed to STDOUT.

oprbac_admin.pl act=delete-{user|role|priv|object} {name=...|path=...} 
deletes the indicated record.

oprbac_admin.pl act={create|update}-{user|role|priv|object} [name=...] [description=...] [property.zyxxyz=...] [file=path]
file: read JSON from file and update record with that data.
property: each property value can be a deeper structure encoded in JSON, set to 'undef' if property no longer wanted

oprbac_admin.pl act=update-user {name=...} [roles|privileges][=|+=|-=]name[,...]
oprbac_admin.pl act=update-role {name=...} privileges[=|+=|-=]name[,...]
= replaces, += adds and -= removes the named roles or privileges. comma-separated lists of names are supported.

oprbac_admin.pl act=check-access user=userX action=actionY object=pathZ 
 [verbose=0]
returns 1 if the user is authorized to perform the given action.

oprbac_admin.pl act=prune-orphans
removes unused orphaned privilege entries.

...

In the GUI you should now see that group “Branches” has a new role listed with read permissions. The privilege “group_branches_read” could be used to access to other objects as well.

The oprbac_admin actions exist for update as well .pl also allows updates so if the role in question already exists and you want to add a new privilege just use use act=update-role and either set or add the new privilege (with privileges=<newpriv> or privileges+=<newpriv>, respectively).

Add or edit Role properties (opCharts 3.0.7 and later)

...