Access Control

Access control is an additional layer of security available with LDAP, preconfigured login, and native OS authentication.

If you choose to use access control, you can limit user activities in a more granular fashion than simple login authentication allows. You configure access control in part by creating role-based policies in the cluster’s policy file. The policies enable the cluster to restrict users’ access to resources like projects, workspaces, and streams.

To use access control, you must enable it in <node-name>.xml. For authentication through your native OS or preconfigured logins, you must also enable access control in the CSI security files for those authentication types. The sections that follow explain how to perform all the configuration required for access control.

• Roles, Resources, and Actions
  To restrict user access through the access control system, each user must have a defined role. This role must be associated with resources and authorized actions for the resources. You configure roles, resources, and actions in the policy.xml file.
• Configuring Access Control
  Define access control policies that specify user roles, the actions available to each role, and the resources on which the actions can be performed. If Event Stream Processor is configured to authenticate through the native OS or preconfigured logins, enable access control. Set up role mapping.
• Sample Policies for Authorization Roles
  Use the policy.xml file to control access based on authorization role.
• Enabling or Disabling Access Control
  To enable access control, set the location of the policy file in <node-name>.xml. To disable it, comment the policy line out.
• Recovering Administrative Access
  If you lose administrative access rights to Sybase Event Stream Processor, there are manual steps you can take to recover them.