Mercurial > hg > release > thermostat-1.0
view distribution/config/thermostat-roles.properties @ 1397:c406ad5b66f1
Backport clean-data command fix to Thermostat 1.0
Reviewed-by: neugens
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2014-May/009825.html
PR1782
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Tue, 22 Apr 2014 17:01:48 +0200 |
parents | 8a6f30063c8c |
children |
line wrap: on
line source
# This file is used if the PropertiesUsernameRolesLoginModule is used # as a delegate in the JAAS configuration *and* the 'roles.properties' option # has not been specified for the login module. # # If that is the case, this file does two things: # 1. It maps user names to roles. # 2. Defines an optional recursive set of roles. This is useful in order to # define role sets. Users can then be members of such defined role sets. # Note that every line which does not have a user name (as defined in the # corresponding users.properties file) on the left hand side of the # equals sign ('='), represents a role. # # A user is assigned multiple roles by separating them by a comma ','. Every # entity in this file which isn't a user name, will be implicitly defined as a # role. # # Format is as follows: # # user1 = my-role, my-role2 # user2 = new-role, role1 # role1 = other-role # # Considering users 'user1' and 'user2' are defined in users.properties, the # above would assign 'user1' the roles 'my-role' and 'my-role2'. 'user2' would # be a member of 'new-role', 'role1' and 'other-role' (transitively via role1) # # # # Example recursive role definition allowed-to-do-everything agent-users. You # can uncomment the following lines and assign your agent users this # "thermostat-agent" role. #thermostat-agent = thermostat-cmdc-verify, \ # thermostat-login, \ # thermostat-prepare-statement, \ # thermostat-purge, \ # thermostat-register-category, \ # thermostat-realm, \ # thermostat-save-file, \ # thermostat-write # # Example recursive role definition for allowed-to-see-everything client-users. # You may uncomment the following lines and assign your client users this # "thermostat-client" role. #thermostat-client = thermostat-agents-grant-read-agentId-ALL, \ # thermostat-cmdc-generate, \ # thermostat-hosts-grant-read-hostname-ALL, \ # thermostat-load-file, \ # thermostat-login, \ # thermostat-prepare-statement, \ # thermostat-query, \ # thermostat-realm, \ # thermostat-register-category, \ # thermostat-vms-grant-read-username-ALL, \ # thermostat-vms-grant-read-vmId-ALL # # Example recursive role definition which allows thermostat users to # use the clean-data command, which may perform global delete operations. # Consider assigning this role to client users if they need to use the # clean-data command. Note that other roles for thermostat client users # grant read-only access - at various levels - only. #thermostat-cmd-clean-data = thermostat-purge # # Example recursive role definition that grants all command channel privileges. # You may uncomment the following lines and assign your client users this # "thermostat-cmdc" role. #thermostat-cmdc = thermostat-cmdc-grant-garbage-collect, \ # thermostat-cmdc-grant-dump-heap, \ # thermostat-cmdc-grant-thread-harvester, \ # thermostat-cmdc-grant-killvm, \ # thermostat-cmdc-grant-ping, \ # thermostat-cmdc-grant-jmx-toggle-notifications