Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Overview

opCharts 3 introduces a new authorization system for MSP's which runs in parallel to the original system, so there are 2 modes running in parallel.  Administration of the new "portal" system can only be done by a user with opCharts admin access from the original authorization system.

...

Note: If in opCommon.nmis an external auth_method such as an LDAP server has been provisioned we may not set a user password.

 


Resources (charts/maps/business services)

...

ResourcePath
Charts/root/opcharts/chart/<chart_name>
Maps/root/opcharts/map/<map_name>
Business Services/root/opcharts/business_service/<business_service_name>
Dashboards/root/opcharts/dashboard/<dashboard_name>

 


CLI Interface (oprbac_admin.pl)

...

  1. Create a privilege, this could be auto-created for us when doing other actions but then we would have to look up the name or id created by parsing output.  I’ve named it ‘group_branches_read’ because I intend for it to represent the ability to read the branches group, it can be named whatever you want (as long as it is unique).
  2. Create an object that represents the group by giving the correct path (with the group name), and tell that object that read permissions are granted using the privilege name from step #1.  

  3. Create a new role, and give the role our privilege.

     


    Code Block
    nmis64:bin root$ ./oprbac_admin.pl act=create-priv name=group_branches_read
    created new privilege (internal id 582ba442a77ea70da3448f11)
    nmis64:bin root$ ./oprbac_admin.pl act=create-object path=root,opcharts,group,Branches read_privileges=group_branches_read
    created new object
    nmis64:bin root$ ./oprbac_admin.pl act=create-role name=BranchesRole privileges=group_branches_read
    created new role (internal id 582ba4c9a77ea70dcf4c2ea1)


...