Mercurial > hg > release > thermostat-1.2
view distribution/config/thermostat-roles.properties @ 1630:65101ac36963
[mq]: remove_agent_permission.patch
author | Mario Torre <neugens.limasoftware@gmail.com> |
---|---|
date | Thu, 11 Dec 2014 12:22:40 +0100 |
parents | 9ba0b1550810 |
children |
line wrap: on
line source
# This file is used if the PropertiesUsernameRolesLoginModule is used # as a delegate in the JAAS configuration *and* the 'roles.properties' option # has not been specified for the login module. # # If that is the case, this file does two things: # 1. It maps user names to roles. # 2. Defines an optional recursive set of roles. This is useful in order to # define role sets. Users can then be members of such defined role sets. # Note that every line which does not have a user name (as defined in the # corresponding users.properties file) on the left hand side of the # equals sign ('='), represents a role. # # A user is assigned multiple roles by separating them by a comma ','. Every # entity in this file which isn't a user name, will be implicitly defined as a # role. # # Format is as follows: # # user1 = my-role, my-role2 # user2 = new-role, role1 # role1 = other-role # # Considering users 'user1' and 'user2' are defined in users.properties, the # above would assign 'user1' the roles 'my-role' and 'my-role2'. 'user2' would # be a member of 'new-role', 'role1' and 'other-role' (transitively via role1) # # # # Example recursive role definition allowed-to-do-everything agent-users. You # can uncomment the following lines and assign your agent users this # "thermostat-agent" role. #thermostat-agent = thermostat-cmdc-verify, \ # thermostat-login, \ # thermostat-prepare-statement, \ # thermostat-purge, \ # thermostat-register-category, \ # thermostat-realm, \ # thermostat-save-file, \ # thermostat-write, \ # thermostat-files-grant-write-filename-ALL # # Example recursive role definition for allowed-to-see-everything client-users. # You may uncomment the following lines and assign your client users this # "thermostat-client" role. "thermostat-write" is needed by the notes plugin. # It's okay to not grant this permissions, the notes functionality will not # work. #thermostat-client = thermostat-agents-grant-read-agentId-ALL, \ # thermostat-cmdc-generate, \ # thermostat-hosts-grant-read-hostname-ALL, \ # thermostat-load-file, \ # thermostat-login, \ # thermostat-prepare-statement, \ # thermostat-query, \ # thermostat-realm, \ # thermostat-register-category, \ # thermostat-vms-grant-read-username-ALL, \ # thermostat-vms-grant-read-vmId-ALL, \ # thermostat-files-grant-read-filename-ALL, \ # thermostat-write # # Example recursive role definition which allows thermostat users to # use the clean-data command, which may perform global delete operations. # Consider assigning this role to client users if they need to use the # clean-data command. Note that other roles for thermostat client users # grant read-only access - at various levels - only. #thermostat-cmd-clean-data = thermostat-purge # # Example recursive role definition that grants all command channel privileges. # You may uncomment the following lines and assign your client users this # "thermostat-cmdc" role. #thermostat-cmdc = thermostat-cmdc-grant-garbage-collect, \ # thermostat-cmdc-grant-dump-heap, \ # thermostat-cmdc-grant-thread-harvester, \ # thermostat-cmdc-grant-killvm, \ # thermostat-cmdc-grant-ping, \ # thermostat-cmdc-grant-jmx-toggle-notifications ${dev.roles.snippet}