
Nirvana Enterprise Manager - Security


Introduction

Nirvana provides a comprehensive set of tools to allow users to connect to a Realm Server and perform operations on objects within that realm.

Users are given entitlements based on their subject. A subject is made up of a username and a host.

The username part of the subject is the name of the user, taken either from the operating system of the machine they are connecting from or, if they are using an SSL protocol, from the certificate name.

The host part of the subject is either the IP address or the hostname of the machine they are connecting from.

The subject takes the form:

username@host

For example:

johnsmith@192.168.1.2

So in order for this user to be entitled to perform operations within a Nirvana Realm, this user would need to be given the correct privileges to the objects within the realm and their associated operations.

Entitlements are allocated using a Nirvana ACL. Each object (such as the realm itself, channels, queues and services) that can be accessed within a realm has an associated ACL object. The ACL contains a list of subjects, and their associated entitlements to perform operations on the objects.

Nirvana ACLs also support the wildcard character '*' in subjects, so you could add an ACL entry for either of the following subjects:

johnsmith@*
*@192.168.1.2

The first of the examples above would ensure that the user johnsmith is entitled with the given privileges when connecting from any host. The second would ensure that any user connecting from the given host is entitled with the given privileges.

The subject *@* is also provided in all ACL objects by default, and corresponds to the default permission inherited by all subjects who connect but do not individually appear within the ACL. If a subject is listed in the ACL, then the entitlements given to that subject override those of any wildcarded entry, including the *@* default subject.
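The lookup order described above can be modelled in a few lines. This is an added example, not Nirvana code: the entitlement names and the sample ACL are constructed, and the handling of a subject matched by both a username@* and a *@host entry (checked before *@*, entitlements unioned) is an assumption the page does not specify.

```python
# Added illustration: a model of the ACL lookup described above, not Nirvana code.
# Entitlement names ("subscribe", "publish", "manage_acl") are constructed placeholders.

def parse_subject(subject):
    """Split 'username@host' into (username, host); reject malformed subjects."""
    user, sep, host = subject.rpartition("@")
    if not sep or not user or not host:
        raise ValueError(f"subject must be username@host: {subject!r}")
    return user, host


def resolve(acl, subject):
    """Return (ACL entries that decided the result, effective entitlements).

    Stated on the page: an individually listed subject overrides every
    wildcard entry, and *@* covers subjects that are not listed.
    Assumption (not stated on the page): username@* and *@host entries are
    consulted before *@*, and when both match their entitlements are unioned.
    """
    user, host = parse_subject(subject)
    if subject in acl:                       # exact entry wins outright
        return [subject], set(acl[subject])
    partial = [s for s in (f"{user}@*", f"*@{host}") if s in acl]
    if partial:
        granted = set()
        for entry in partial:
            granted |= set(acl[entry])
        return partial, granted
    if "*@*" in acl:                         # default subject
        return ["*@*"], set(acl["*@*"])
    return [], set()


# Constructed sample ACL for one channel.
CHANNEL_ACL = {
    "*@*": set(),                            # default: no entitlements
    "johnsmith@*": {"subscribe"},
    "*@192.168.1.2": {"subscribe", "publish"},
    "johnsmith@192.168.1.2": {"subscribe"},  # explicit entry narrows the host wildcard
    "admin@10.0.0.5": {"subscribe", "publish", "manage_acl"},
}

if __name__ == "__main__":
    for who in ("johnsmith@192.168.1.2", "alice@192.168.1.2",
                "johnsmith@10.1.1.1", "bob@10.9.9.9"):
        entries, granted = resolve(CHANNEL_ACL, who)
        print(f"{who:24} decided by {entries} -> {sorted(granted)}")
```

Running it shows that the explicit johnsmith@192.168.1.2 entry yields fewer entitlements than the *@192.168.1.2 wildcard would, which is the override behaviour to keep in mind when reviewing an ACL that mixes explicit and wildcard subjects.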

The Enterprise Manager displays an ACL panel for each object within the namespace. The panel allows users to add new subjects to the ACL, as well as remove the selected entry. The image below shows the dialog for adding an ACL entry.

Clicking on the 'OK' button will add the subject to the selected object's ACL list.

When an entry is selected from the ACL panel, and the 'Delete' button is selected, you will be prompted to confirm the deletion.

Changes made to the ACLs are sent to the realm server for processing only when the 'Apply' button is clicked. Clicking the 'Cancel' button will discard any changes made and revert to the state the Realm server has for the ACL.

To read more about the entitlements for each object, follow the links below:

Realm ACL
Channel ACL
Queue ACL
Service ACL
Interface VIA ACL

 

 

 
   
© 2001-2008 my-channels.com. (Terms of Use)