To enable access control, set the location of the policy file in <node-name>.xml. To disable it, comment the policy line out.
Prerequisites
- Create role-based access control policies in the policy.xml file.
- Enable access control for native OS or preconfigured logins in CSI files. (Access control is enabled by default for LDAP.)
- (Optional) Configure role mappings.
Task
By default, the location of the policy file is commented out of the cluster node configuration file.
- Edit the node’s configuration file, ESP_HOME/cluster/nodes/<nodename>/<node-name>.xml, to uncomment the line that points to the policy file.
  In the Csi element in the Security section, change this:
  <!--Policy>${ESP_HOME}/security/policy.xml</Policy-->
  To this:
  <Policy>${ESP_HOME}/security/policy.xml</Policy>
  When the client makes a login call, the security provider authenticates the user. When a user tries to perform an action on a resource, the server determines whether the user’s role grants access to that action and resource. If so, the user is authorized for the action on the resource. Otherwise, the action is denied.
- To disable access control, open ESP_HOME/cluster/nodes/<nodename>/<node-name>.xml and comment out the Policy element (in Csi in the Security section):
  <!--Policy>${ESP_HOME}/security/policy.xml</Policy-->
  The server performs no access control checking; any authenticated user can perform any action on any resource.
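Because a commented-out Policy element leaves every authenticated user unrestricted, it is worth checking each node's configuration file for that state. The following is an added example, not part of the product documentation: it reports whether the Policy element inside Csi in the Security section is active, commented out, or missing. The Node root element and the sample documents are constructed assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample node configurations. Only Security, Csi and Policy are
# element names taken from the page; the Node root element is an assumption.
ENABLED = """<Node><Security><Csi>
  <Policy>${ESP_HOME}/security/policy.xml</Policy>
</Csi></Security></Node>"""

DISABLED = """<Node><Security><Csi>
  <!--Policy>${ESP_HOME}/security/policy.xml</Policy-->
</Csi></Security></Node>"""

# Matches the commented-out form shown on the page.
COMMENTED = re.compile(r"<!--\s*Policy>(.*?)</Policy\s*-->", re.S)


def local(tag):
    """Strip any XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def policy_status(xml_text):
    """Return (state, path); state is 'enabled', 'commented-out' or 'missing'."""
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    for sec in root.iter():
        if local(sec.tag) != "Security":
            continue
        for csi in sec.iter():
            if local(csi.tag) != "Csi":
                continue
            for child in csi:
                if local(child.tag) == "Policy" and (child.text or "").strip():
                    return "enabled", child.text.strip()
    m = COMMENTED.search(xml_text)  # no active element: look for the comment
    if m:
        return "commented-out", m.group(1).strip()
    return "missing", None


if __name__ == "__main__":
    # Usage: pass one or more <node-name>.xml paths on the command line.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            print(path, *policy_status(fh.read()))
```

A result of commented-out or missing means the server performs no access control checking on that node.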