You can block access to administration functionality on all the servers in a cluster, and then select the servers on which to enable administration functionality. You can use this feature to prevent Spotfire administrators from accessing the administration UI when logging in from external networks.
Procedure
-
Open a command line and export the active server configuration by using the
export-config command; for additional information, see
Executing commands on the command line.
-
To begin by blocking administration functionality on all the servers, enter the following commands on the command line. This sets the property for all
Spotfire Servers in the cluster.
config set-config-prop --name=security.administration.enabled --value=false
config set-config-prop --name=security.administration.diagnostics-enabled --value=false
For information about the command options, see
set-config-prop.
-
To set a specific server on which administration tasks will be enabled, enter one or both of the following commands:
- To enable access to all areas of the administration UI except for Monitoring & Diagnostics, enter this command:
config set-config-prop --name=security.administration.enabled --value=true --server-name=<server alias from the bootstrap.xml file>
where "server alias from the bootstrap.xml file" refers to the server on which you want to enable access.
- To enable access to the Monitoring & Diagnostics area of the administration UI, enter this command:
config set-config-prop --name=security.administration.diagnostics-enabled --value=true --server-name=<server alias from the bootstrap.xml file>
Important: For the
server-name parameter, make sure to use the name as it appears in the bootstrap file.
-
Repeat step 3 for each
Spotfire Server on which administration tasks will be enabled.
-
Import the configuration file back to the
Spotfire database by using the
import-config command.
-
Restart all the
Spotfire Servers in the cluster.
-
To prevent users on external networks from performing administration tasks, make sure that all users who log in to
Spotfire from external networks are routed to the servers on which administration functionality is disabled.