User Access Control
TIBCO ActiveSpaces security provides user access control over the operations on a metaspace or space. User access control lets you control the types of TIBCO ActiveSpaces functionality a user is allowed to use. User access can be allowed or denied for the following permissions:
- read: Allows reading the contents of a space. The tuple_get operation requires read access. Get browsers also require read access.
  Read is the minimum permission required on any scope, because it implies the right to connect to a metaspace.
- write: Allows writing data to a space. Examples of operations that require write access are:
  - put
  - take
  - lock
  - unlock
  Take browsers, lock browsers, and transactions also require write access.
  Write permission implies that a user also has read permission, because most ActiveSpaces operations that write to a space must first be able to read data from the space. For example, to take a tuple from a space, an application must first do a read to find the tuple before it can remove the tuple.
- invoke: Allows the user to perform remote invocations on a space.
- seeder: Allows the user to seed tuples.
- encrypt: Allows the user to encrypt tuples.
You can grant or deny a user all of the mentioned permissions by specifying one of the following:
You can also arrange users into groups and apply permissions to all users in a group or to the users in several groups, and you can specify which spaces in a metaspace the permissions for users and groups apply to.
Permissions can be applied for:
- A single metaspace and space
- All spaces in a metaspace
- A particular space name in any metaspace
- All metaspaces and spaces
User access control works in conjunction with user authentication. Do not enable authorization (access control) unless user authentication is enabled.
See User Authentication for information on how to configure the security policy file to enable user authentication.