User Authorization for Administrator and User Roles

MM authorization uses two preconfigured roles.

These roles are specified in the provided passwords file that is used for file-based authentication:

BE_HOME/mm/config/users.pwd

The file as shipped contains the following entries:

jdoe:A31405D272B94E5D12E9A52A665D3BFE:MM_ADMINISTRATOR;
mm_user:11b2016b63c99ef7ab6d6d716be7b78e:MM_USER;
admin:21232f297a57a5a743894a0e4a801fc3:MM_ADMINISTRATOR;

If you add more users, ensure that they have the appropriate role. Note that role names are case sensitive:

  • MM_ADMINISTRATOR:   Users with this role can execute methods, for example to deploy, start, and stop engines, and invoke method operations
  • MM_USER:   Users with this role can view MM Console, but cannot deploy, start, or stop engines, or invoke method operations
Note: To use LDAP authentication, add these roles in the LDAP directory for the relevant users.

See User Authentication for more on authentication topics, and configuring the password file.