Admin > Security
Intended audience: DEVELOPERS ADMINISTRATORS
AO Platform: 4.3
Overview
The Security pages allow the user to configure options for Access Control, including Users, Groups, Roles, Rights, Permissions, and API URLs, as well as some additional user-related options relating to system integration with Authentication systems, Kerberos, Elasticsearch, Solr, and Single Sign-On.
Most of the pages in this section offer the following general actions:
Search/Filter - use a search term to find an entry from existing configurations.
Delete - batch deletion of any/all selected items.
Add New - create a new entry on the page.
Invite - only available for the User page. Allows an Administrator to send a user account invite so that the user can gain access to the AO Platform.
Refresh - refreshes the page.
Import from Excel - imports the configuration of one or more entries for the selected configuration page.
Import from LDAP - only available for the Group page. Imports Groups from an LDAP integration.
Export as CSV - exports the content of the page to a CSV file.
Settings - allows configuration of which columns can be seen on the page.
Go to (or select by page number) - allows moving to another page in case of too many entries for one page.
Additionally, these are the actions on individual entries:
View - views the properties of an entry in read-only mode.
Edit - allows the properties of an entry to be edited.
Delete - deletes an entry.
Add to Transport - adds the configuration record to Transport.
View Groups - shows the Groups that a given user is associated with.
View Roles - shows the Roles that a given Group is associated with.
Assign Permissions - allows Permissions to be assigned to a given Role or API URL - see Assigning Permissions.
Assign Roles - allows Roles to be assigned to a given API URL.
View Access Rights - shows Access Rights for a given Permission.

Access Control > Users
The Users page includes a list of User accounts available on the AO Platform. User accounts are used to authenticate a User when logging into the AO Platform, with a User ID and a Password as the credentials. A User account also contains an email address and phone number, both of which the AO Platform can use to identify the User and to send Notifications. Finally, a User account has status flags that indicate whether the account is Active, Verified, or Locked, and whether the User will be forced to change their password on login.
The Administrator User account is a system User and therefore read-only. Only the Administrator can reset a forgotten password.
A user belonging to the Administrator Role can create other users. A user can be created in different ways, including:
Via Invite button - invitation sent to user’s email address - see Video tutorial below
Note: The system must have been configured with SMTP Email for this option to work - see Email
Uploading user information via an Excel spreadsheet
Administrators create individual users directly via the Add New button
A User is associated with one or more Groups - see Access Control > Groups.
Video
Access Control > Groups
The Groups page includes a list of Groups available on the AO Platform. A Group typically represents a functional or departmental area of an organization. Two Groups, Administrators and Anonymous, are system Groups and therefore read-only. Other Groups can be created as required.
A Group is associated with one or more Roles - see Role page.
Access Control > Roles
The Roles page includes a list of Roles available on the AO Platform. Roles fulfill a vital function in the AO Platform because all Permissions are associated with the Role configuration. The Administrators Role is a system Role and therefore read-only. Roles are typically functional/hierarchical in nature. The following Roles are available as a starting point. Other Roles can be created as required:
Administrators - read-only Role
Anonymous
Demo Users
Developers
Managers
Operators
Pipeline Composer Developers
Power Users
Users
Use the Action menu to Assign Permissions to a specific Role - see Assigning Permissions page for available options.
Access Control > Rights
The Rights (or Access Rights) page includes a list of Rights available on the AO Platform. Rights are access control behaviors that can be assigned to different components of the system. The AO Platform comes with the most common Rights predefined, including Allow, Deny, Enable, Disable, Create, Update, Delete, Filter, Upload Files, Download Files, Re-Order, and Rename.
These Rights are all system Rights and therefore read-only. Others can be created as required.
Rights can be applied when Permissions are assigned to a Role.
Access Control > Permissions
The Permissions page includes a list of Permissions available on the AO Platform. Permissions are named access controls for particular features or functionality. The AO Platform comes with many predefined named Permissions, all of which are considered system Permissions and therefore read-only. Others can be created as required.
Use the Options menu to View Access Rights associated with a selected named Permission.
Permissions can be assigned when configuring the individual Roles in the AO Platform.
Access Control > API URLs
The API URLs page includes a list of REST API URL end-points available on the AO Platform. All initial API URLs are predefined at the system level and therefore read-only. Others can be created as required.
Use the Options menu to Assign Permissions and Assign Roles to each API URL end-point.
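The chain described in the Access Control sections above (a User belongs to Groups, a Group carries Roles, a Role holds Permissions with Rights, and an API URL has Roles assigned) can be sketched as a small access-review model. This is an added example, not AO Platform code: the Permission names, Group names, users and URL are constructed, and the Role and Right names are taken from this page. It assumes Rights merge by simple union and that a Role assigned to an API URL gives its members access; the page does not state the platform's evaluation rules, including how Allow and Deny are resolved.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    grants: dict = field(default_factory=dict)  # Permission name -> set of Rights

@dataclass
class Group:
    name: str
    roles: list = field(default_factory=list)

@dataclass
class User:
    user_id: str
    groups: list = field(default_factory=list)

def effective_rights(user):
    """Union of Rights per Permission over every Role reached via the user's Groups."""
    merged = {}
    for group in user.groups:
        for role in group.roles:
            for perm, rights in role.grants.items():
                merged.setdefault(perm, set()).update(rights)
    return merged

def explain(user, permission, right):
    """Every (Group, Role) path that gives the user this Right on this Permission."""
    return sorted((g.name, r.name) for g in user.groups for r in g.roles
                  if right in r.grants.get(permission, set()))

def roles_of(user):
    return {r.name for g in user.groups for r in g.roles}

def users_reaching(api_roles, users):
    """Users holding at least one Role assigned to an API URL (assumed rule)."""
    return sorted(u.user_id for u in users if roles_of(u) & set(api_roles))

# Constructed sample data; Permission names, Group names and the URL are hypothetical.
operators = Role("Operators", {"Pipeline Run": {"Allow"}})
managers = Role("Managers", {"Pipeline Run": {"Allow"},
                             "Report Files": {"Download Files", "Delete"}})
developers = Role("Developers", {"Report Files": {"Upload Files", "Delete"}})
finance = Group("Finance", [managers])
platform = Group("Platform", [operators, developers])
alice = User("alice", [finance, platform])
bob = User("bob", [platform])
API_ROLES = {"/api/reports": ["Managers"]}

if __name__ == "__main__":
    print(effective_rights(alice))
    print(explain(alice, "Report Files", "Delete"))
    print(users_reaching(API_ROLES["/api/reports"], [alice, bob]))
```

The `explain` helper is the part that matters in a review: it shows that a Right such as Delete can reach the same user through more than one Group and Role, so removing a single assignment may not revoke it.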
Access Control > System Pipelines
The System Pipelines page ensures that any pipeline added is automatically assigned as a permitted pipeline for all Roles in the system. System Pipelines are uniquely designed to appear in the Permitted Pipelines list for every Role under Access Control > Roles > Assign Permissions > Pipeline.
Auth Clients
The Auth Clients page includes a list of Authentication configurations available on the AO Platform. Some functionality/integration points require authentication in order to be accessed. Such configuration details of the user and/or server can be maintained on this page to automatically authenticate when needed.
Configuration details include Username, Password, Token Name/Response, Client id/Secret, and any other required key/value pair to be passed to the integrated system/service.
Kerberos
The Kerberos page includes a list of Kerberos configurations available on the AO Platform. Some functionality requires authentication against a Kerberos system. Configuration details of the Kerberos user and server can be maintained on this page to automatically authenticate when required.
Configuration details include Key, Name, Config Client File Name, Login User, Login User Key Tab, Config File Cluster Path, Key Tab Cluster Path, and other required key/value pairs to be passed to the service.
Elasticsearch Users
The Elasticsearch Users page includes a list of user configurations authorized to connect to Elasticsearch servers, including: User Name, Cluster Name and Password. Elasticsearch is a mandatory system component.
Solr Users
The Solr Users page includes a list of Solr User configurations available on the AO Platform. Solr is an optional component.
Configuration details include: Cluster Name, User Name and Password.
Single Sign-On
The Single Sign-On page includes configuration details for third-party/external authentication services that can be used to authenticate users' access to the AO Platform.
Configuration details include Key, Name, Value, and Auth Type.