Authorization Groups

A user name may belong to several authorization groups (also known as roles). Authorization groups can be configured in either the JAAS file or the flat-file.

The following examples show users defined in a flat-file, together with the authorization groups required to run a data grid with authentication and authorization enabled:
  • Admin User - A user for authenticating the tibrealmadmin, tibdg, and tibdgproxy processes; this user requires the ftl-admin role. The following statement is an example:
    admin: adminpw, ftl-admin,ftl
  • Realm Server User - A single user with the roles needed to authenticate the primary realm server, all backup realm servers, and all satellite realm servers. Using one user makes it simpler to switch between a backup realm server and its primary realm server, or between a satellite realm server and its primary realm server. The following statement is an example:
    rs: rspw, ftl-primary,ftl-satellite,ftl-backup,ftl-admin
  • tibdgadmind User - A user for authenticating the tibdgadmind process; this user requires the ftl-satellite and ftl-admin roles. The following statement is an example:
    tibdgadmind: tibdgadmindpw, ftl-satellite,ftl-admin
  • tibdg User - A user for authenticating the tibdgkeeper and tibdgnode processes; these require only the basic ftl role. The following statement is an example:
    tibdguser: tibdguserpw, ftl
  • Client Users - Additional users as required for ActiveSpaces clients. These clients need only the basic ftl role. The following statements are examples:
    user1: user1pw, ftl
    user2: user2pw, ftl

When running a disaster recovery data grid with a satellite realm server, an authentication file must include the following users as described above:
  • Realm Server User - use the same name and password in all authentication files used by affiliated realm servers
  • Admin User
  • tibdg User
The client users listed in an authentication file can vary between primary and satellite realm servers. A tibdgadmind user is only required for the primary realm server. However, it is good practice to include a tibdgadmind user in all authentication files so it does not have to be added later when a mirror data grid needs to become the primary data grid. For more information on disaster recovery, see Disaster Recovery.
Note: No spaces are allowed between the comma separated list of authorization groups. For example:
ftl-satellite,ftl-admin  (correct)
ftl-satellite, ftl-admin (incorrect)
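The entry format and the no-spaces rule above are easy to get wrong by hand, so here is an added example (not the product's own code) that checks a flat-file before deployment: it parses each entry, rejects group lists containing spaces, and confirms that the users listed above carry the roles this page says they need. The entry format `name: password, group1,group2` is an assumption taken from the examples on this page, and the sample file and its passwords are constructed for the example.

```python
# Added example (not the product's own code): validate a flat-file against the entry
# format shown above, assumed to be  name: password, group1,group2  with no space
# inside the group list.
import re

# Constructed sample: the users above, plus the spacing mistake the note warns about.
SAMPLE_FILE = """\
admin: adminpw, ftl-admin,ftl
rs: rspw, ftl-primary,ftl-satellite,ftl-backup,ftl-admin
tibdgadmind: tibdgadmindpw, ftl-satellite, ftl-admin
tibdguser: tibdguserpw, ftl
user1: user1pw, ftl
"""

# Groups each process user needs, as listed on this page.
REQUIRED = {
    "admin": {"ftl-admin"},
    "rs": {"ftl-primary", "ftl-satellite", "ftl-backup", "ftl-admin"},
    "tibdgadmind": {"ftl-satellite", "ftl-admin"},
    "tibdguser": {"ftl"},
}

ENTRY = re.compile(r"^(?P<user>[^:\s]+):\s*(?P<pw>[^,]+),\s?(?P<groups>.*)$")


def parse_entry(line):
    """Return (user, set_of_groups); reject whitespace inside the group list."""
    m = ENTRY.match(line)
    if not m:
        raise ValueError(f"unparseable entry: {line!r}")
    groups = m.group("groups")
    if re.search(r"\s", groups):
        raise ValueError(f"spaces in group list for {m.group('user')}: {groups!r}")
    return m.group("user"), set(groups.split(","))


def check_file(text, required=REQUIRED):
    """Return problems: malformed entries, then missing users or missing groups."""
    problems, seen = [], {}
    for line in filter(str.strip, text.splitlines()):
        try:
            user, groups = parse_entry(line)
            seen[user] = groups
        except ValueError as exc:
            problems.append(str(exc))
    for user, needed in required.items():
        if user not in seen:
            problems.append(f"missing user {user}")
        elif not needed <= seen[user]:
            problems.append(f"{user} lacks {sorted(needed - seen[user])}")
    return problems
```

Running `check_file(SAMPLE_FILE)` reports the tibdgadmind entry twice: once for the space in its group list, and once because, being unparseable, the user is then missing from the file.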