Authorization Roles Configuration Parameters

The [AuthorizationRoles] section contains definitions for roles that enable particular sets of actions for particular clients, SSL identities, and GSS principals.

You must create a subsection for each authorization role that you define in the [AuthorizationRoles] configuration section.

You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions, IndexActions, and ServiceActions that you want the role to be able to use. You define the users that belong to a particular role by using Clients, GSSPrincipals, and SSLIdentities.

If a connection matches one of the allowed clients, principals, or SSL identities for a role, that connection has permission to perform the operations that the role allows.

For example:

[AuthorizationRoles]
0=AdminRole
1=IDOLUserRole
2=StatusOnlyRole

[AdminRole]
StandardRoles=Admin,Index,ServiceControl
Clients=localhost
SSLIdentities=admin.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM

[IDOLUserRole]
StandardRoles=User,ServiceStatus
SSLIdentities=admin.example.com,userserver.example.com
GSSPrincipals=CONTENT01/admin.example.com@EXAMPLE.COM,CONTENT02/userserver.example.com@EXAMPLE.COM

[StatusOnlyRole]
ServiceActions=GetStatus
SSLIdentities=general.example.com

You can use the ShowPermissions action to check the permissions for a user.

IMPORTANT: Make sure that you delete any deprecated RoleClients parameters from your configuration (where Role corresponds to a standard role name) to ensure IDOL Content Component allows only your authorization role permissions.
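The following Python script is an added example, not part of the product or its documentation. It statically audits a configuration file for the points above: every role listed in [AuthorizationRoles] has its own subsection, each role defines both permissions and members, and no deprecated RoleClients parameters remain. It assumes that the deprecated names are formed as the standard role names shown on this page followed by "Clients" and that names are matched case-insensitively. The [Server] section in the sample is constructed.

```python
# Standard role names shown on this page; extend the list for your deployment.
STANDARD_ROLES = ["Admin", "Index", "ServiceControl", "User", "ServiceStatus"]
DEPRECATED = {f"{r}Clients".lower() for r in STANDARD_ROLES}
PERMISSION_KEYS = {"standardroles", "actions", "indexactions", "serviceactions"}
MEMBER_KEYS = {"clients", "gssprincipals", "sslidentities"}

def parse_config(text):
    """Parse INI-style text into {section_name: [(key, value), ...]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return findings; names are compared case-insensitively (assumption)."""
    sections = parse_config(text)
    by_name = {name.lower(): items for name, items in sections.items()}
    findings = [f"deprecated parameter {key} in [{name}]"
                for name, items in sections.items()
                for key, _ in items if key.lower() in DEPRECATED]
    for _, role in by_name.get("authorizationroles", []):
        if role.lower() not in by_name:
            findings.append(f"role {role} has no [{role}] subsection")
            continue
        keys = {k.lower() for k, _ in by_name[role.lower()]}
        if not keys & PERMISSION_KEYS:
            findings.append(f"role {role} defines no permissions")
        if not keys & MEMBER_KEYS:
            findings.append(f"role {role} matches no clients or identities")
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """[Server]
AdminClients=localhost
[AuthorizationRoles]
0=AdminRole
1=StatusOnlyRole
2=AuditRole
[AdminRole]
StandardRoles=Admin,Index
Clients=localhost
[StatusOnlyRole]
ServiceActions=GetStatus"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check is static. Use the ShowPermissions action to confirm what a running server grants a particular user.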