Roles
Roles are the central mechanism that administrators use to allot permissions to users. A role is a collection of privileges. When an administrator assigns a role to a user or group, the user or group receives all the permissions in the role.
Agent code can define roles using annotations. Registering an agent with the server makes all the roles that it defines available on the server. A role remains available until the administrator unregisters the last agent that defines the role.
If the server already contains a role with a given name, then any subsequent definition of a role with the same name has no effect.
(Administrators can also define roles directly on the server.)
@TeaRoles({
@TeaRole(name = "Tomcat Admin", desc = "Manage all tomcat servers",
privileges = { @TeaPrivilege(permissions =
{ TeaPermission.FULL_CONTROL }) }),
@TeaRole(name = "Tomcat User", desc = "Read only access to all tomcat
servers", privileges = { @TeaPrivilege(permissions = {
TeaPermission.READ, TomcatAgent.UPDATE_PERMISSION }) })
})
public class TomcatServer {
@TeaRequires(TeaPermission.FULL_CONTROL)
public void changePort(@KeyParam final String key,
@TeaParam(name = "port", description = "New port number to use")
@Customize(value = "label=Port")
final int port) throws TeaIllegalArgumentException {
// code
}
}
- TeaRole
-
@TeaRole defines a role. A role becomes available in the TIBCO Enterprise Administrator server only after the administrator registers an agent of a specific agent type for the first time. The role remains until the administrator unregisters the last agent of that agent type. If the role is already available on the server, the server ignores the redundant definition.
- TeaRoles
- @TeaRoles groups multiple roles that apply to the same object type class.
- TeaPrivilege
- @TeaPrivililge defines a privilege within a role, specifying its set of permissions.