Data Permissions

Permissions specify what data each role can see and they can be restricted based on four conditions:

• Gateway name
• Sampler plugin name (e.g. CPU)
• Dataview group
• Managed entity attribute

By default roles have no permissions and do not have access to any data. Edit the configuration file in config/settings.conf and edit the permissions part to specify role permissions. The node watches for changes in this file and will automatically reload the configuration.

The permissions section consists of a list of roles and their data viewing permissions:

permissions {
   ROLE_A { ... }
   ROLE_B { ... }
   ROLE_C { ... }
}

The snippet below details how to specify multiple permissions for a role. In this example ROLE_USER can see all CPU samplers as well as dataviews named ‘MyDV’ on gateway ‘Demo’:

permissions {
   ROLE_ADMIN = All # This role has permission to see all data

   ROLE_USER { # Role can have one or more permissions, each permission needs a unique name

                permission1 { # Role can see data matching these conditions - all CPU samplers:
                        PluginName = CPU
                }

                # .. OR ..

                permission2 { # Role can also see all dataviews named 'MyDV' on gateway 'Demo'
                        Dataview = MyDV
                        # .. AND ..
                        Gateway = Demo
                }
   }
}

The available conditions inside each permission are:

permission { # Each permission can have 4 types of conditions. All conditions must be met
        Gateway = SomeGatewayName
        PluginName = PluginName # e.g. CPU
        DataViewGroup = SomeDataviewGroup
        SomeEntityAttribute = SomeValue
        OtherEntityAttribute = OtherValue # Multiple managed entity attributes can be set
}

Note: the same condition should not be specified twice in a single permission:

permission {
        Gateway = Demo
        Gateway = Testing # Error, since 'Gateway' is repeated
}