Enabling Permission Checking on Data Grids and Tables

This topic helps you setup a grid with permissions enabled so that you can subsequently enable permission checking on the tables in the data grid.

Prerequisites

Shutdown the ActiveSpaces data grid and TIBCO FTL servers.
Ensure that Transport Layer Security (TLS) has been configured for the TIBCO FTL servers. For more information, see Enabling Transport Encryption on a Data Grid.
Configure the appropriate users and roles that are accessed by the TIBCO FTL server. For more information, see Authentication and Authorization. Remember that the users and roles can be one of the following types:
- Users and roles for client applications that are granted table permissions.
- Users who can use SQL to create or modify table definitions with the tibdg-ddl role. For more information, see ActiveSpaces Custom Roles.
- The user with the tibdg-internal role that is needed to start the ActiveSpaces grid processes. For more information, see ActiveSpaces Custom Roles.
After creating the necessary users and roles for authentication and authorization purposes, start the secure TIBCO FTL servers.
Ensure that transport encryption has been enabled for the ActiveSpaces data grid (encrypted_connections=all). For more information, see Enabling Transport Encryption on a Data Grid.

Enable permission checking on the ActiveSpaces data grid. For more information, see Enabling Permission Checking when Creating or Modifying a Data Grid.
Permission checking is now enforced when the grid processes are started. They are also enforced when you access tables to perform read and write operations.
Start the ActiveSpaces data grid processes with a user account that has the tibdg-internal role. For more information, see Starting Data Grid Processes With Authentication.
Create or modify the table definitions in the ActiveSpaces data grid to grant users or roles permission to access the table. For more information, see The tibdg Commands to Set Permissions on a Table.