TIBCO BusinessEvents® Extreme provides an access control facility, which enables secure access to administration commands.
Access control is role-based, and is configured using configuration files. Each configuration file contains one or more access control rules. Each rule defines a set of privileges granted to specific roles.
For example, the following configuration file defines access control policy for an administrative command myCommand in target p.mytarget:

    configuration "mytarget" version "1.0" type "security"
    {
        configure security
        {
            configure AccessControl
            {
                Rule
                {
                    name="p.mytarget.myCommand";
                    accessRules =
                    {
                        {
                            roleName = "switchadmin";
                            permission = Execute;
                        };
                    };
                };
            };
        };
    };

Once the above configuration is activated, access control will enforce that only principals who have been assigned the switchadmin role are allowed to execute the p.mytarget.myCommand command.
In addition to access control rules for specific commands, access control also supports configuration of access control policy for an administrative target as a whole, using the following configuration options:
lockAllElements = <true|false> - Prohibit access to all commands in the target.
AccessAllOperationsAndAttributes permission - grants full access to all commands in the target to the given role.
For example, the following configuration specifies that all commands in the target p.mytarget can only be executed by principals who have been assigned the switchadmin role:

    configuration "mytarget" version "2.0" type "security"
    {
        configure security
        {
            configure AccessControl
            {
                Rule
                {
                    name="p.mytarget";
                    lockAllElements=true;
                    accessRules =
                    {
                        {
                            roleName = "switchadmin";
                            permission = AccessAllOperationsAndAttributes;
                        };
                    };
                };
            };
        };
    };

The above example shows how to configure secure access to an entire administrative target for a specific role, without having to explicitly define access control rules for every command in the target.
Failing to specify
The TIBCO BusinessEvents® Extreme access control supports a set of predefined roles that are used to define access control for principals. Application specific roles are also supported.
The predefined roles are:
switchadmin - allows modification of the operational state of a node. This includes control of a node's lifecycle, e.g. installation, starting, stopping, and removal.
switchmonitor - allows monitoring of the operational state of a node.
TIBCO BusinessEvents® Extreme nodes have a default access control policy installed. The default access control policy restricts administration functions to principals using the predefined roles.
Each of these roles is described in more detail below.
The switchadmin role assigns administrative privileges to principals. The switchadmin role is automatically granted to the user who installed the node. That user always has full administrative control of the node when logged in on the same host. All operations which modify the operational behavior of a TIBCO BusinessEvents® Extreme node may only be executed by principals which have switchadmin role privileges. Operational control of a node occurs via administrator, TIBCO BusinessEvents® Extreme Administrator, and JMX. This role should be granted to principals that can perform operations that modify the node state.
The switchmonitor role assigns system monitoring privileges to principals. This role is granted execute permission to all display-type administrative operations. Consequently, this role should be granted to principals who can monitor node status. Such principals will be able to display the state of a TIBCO BusinessEvents® Extreme node, but will be unable to execute administrative operations which change the operational state of the node.
As discussed in the section called “Access control”, it is also possible to define application specific roles. This section provides a complete example of defining application specific roles, including the definition of principals to use the roles.
Two application roles are defined in Example 5.2, “Application defined roles”. They are:
exchange-administrator - A role to administer an exchange. This role is granted AccessAllOperationsAndAttributes permission to the market administration target (com.tibco.demo.exchange.admin.MarketTarget). This allows this role to execute all market administrative commands.
exchange-trader - A role to display market status. This role is only granted execute permission to a display market administrative command (com.tibco.demo.exchange.admin.MarketTarget.display).
Example 5.2. Application defined roles

    configuration "exchange-security" version "1.0" type "security"
    {
        configure security
        {
            configure AccessControl
            {
                Rule
                {
                    name = "com.tibco.demo.exchange.admin.MarketTarget";
                    lockAllElements = true;
                    accessRules =
                    {
                        {
                            roleName = "exchange-administrator";
                            permission = AccessAllOperationsAndAttributes;
                        }
                    };
                };
                Rule
                {
                    name = "com.tibco.demo.exchange.admin.MarketTarget.display";
                    accessRules =
                    {
                        {
                            roleName = "exchange-trader";
                            permission = Execute;
                        }
                    };
                };
            };
        };
    };

Example 5.3, “Principal definitions” defines two new principals to use the application roles defined in Example 5.2, “Application defined roles”. The defined principals are:
trader - this principal can display market and node status because they were granted both the exchange-trader and switchmonitor roles.
administrator - this principal can manage exchange markets and nodes because they were granted the exchange-administrator, switchadmin and switchmonitor roles.
Example 5.3. Principal definitions

    configuration "exchange-users" version "1.0" type "security"
    {
        configure security
        {
            configure Principals
            {
                //
                // Traders
                //
                Principal
                {
                    name = "trader";
                    textCredential = "trader";
                    credentialRequired = true;
                    roles = { "exchange-trader", "switchmonitor" };
                };
                //
                // Administrator
                //
                Principal
                {
                    name = "administrator";
                    textCredential = "administrator";
                    credentialRequired = true;
                    roles = { "exchange-administrator", "switchadmin", "switchmonitor" };
                };
            };
        };
    };
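
The combined effect of Examples 5.2 and 5.3 can be reviewed as a who-can-run-what matrix. The Python below is an added example, not TIBCO code: it is a simplified model of the rule semantics described on this page, it ignores the node's default access control policy, and it reports "unspecified" for cases the page does not define. The function names and the command name "close" are hypothetical.

```python
# Added example: a simplified model of the rule semantics this page describes.
# It is not TIBCO's implementation and ignores the node's default policy.
ALL = "AccessAllOperationsAndAttributes"

# Transcribed from Example 5.2 (rule name -> lock flag and role grants).
RULES = {
    "com.tibco.demo.exchange.admin.MarketTarget": {
        "lockAllElements": True,
        "accessRules": {"exchange-administrator": ALL},
    },
    "com.tibco.demo.exchange.admin.MarketTarget.display": {
        "lockAllElements": False,
        "accessRules": {"exchange-trader": "Execute"},
    },
}
# Transcribed from Example 5.3 (principal -> roles).
PRINCIPALS = {
    "trader": {"exchange-trader", "switchmonitor"},
    "administrator": {"exchange-administrator", "switchadmin", "switchmonitor"},
}

def decide(principal, command, rules=RULES, principals=PRINCIPALS):
    """Return 'allow', 'deny' or 'unspecified' for principal running command."""
    roles = principals.get(principal, set())
    target = command.rsplit(".", 1)[0]  # p.mytarget.myCommand -> p.mytarget
    cmd_rule, tgt_rule = rules.get(command), rules.get(target)
    # A command-level rule grants Execute to the roles it names.
    if cmd_rule and any(cmd_rule["accessRules"].get(r) == "Execute" for r in roles):
        return "allow"
    # A target-level rule grants every command to roles holding ALL.
    if tgt_rule and any(tgt_rule["accessRules"].get(r) == ALL for r in roles):
        return "allow"
    # A rule covers the command (or the target is locked) but no role matched.
    if cmd_rule or (tgt_rule and tgt_rule["lockAllElements"]):
        return "deny"
    # No rule and no lock: the page does not say what happens, so flag it.
    return "unspecified"

def access_matrix(commands, rules=RULES, principals=PRINCIPALS):
    """Map each (principal, command) pair to its decision, for review."""
    return {(p, c): decide(p, c, rules, principals)
            for p in sorted(principals) for c in commands}

if __name__ == "__main__":
    base = "com.tibco.demo.exchange.admin.MarketTarget."
    # "close" is a hypothetical command name, used to show the lock taking effect.
    for key, verdict in access_matrix([base + "display", base + "close"]).items():
        print(key, verdict)
```

Any "unspecified" entry marks a command that no rule in the reviewed files covers and whose target is not locked, which is the case to check against the product's actual behaviour before relying on the policy.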