- Home
- Documentation
- Reference Guide
- Unravel Properties
- Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC)
See RBAC configuration.
RBAC is reliant upon tagging. if you are unfamiliar with the concept or how it is used, see What is tagging.
Property/Description | Set by user | Unit | Default |
|---|---|---|---|
com.unraveldata.rbac.enabled Enables Role-Based Access Control.
| Optional | boolean | FALSE |
com.unraveldata.rbac.roles A comma-separated list of custom roles. | Optional | CSV | - |
com.unraveldata.rbac.role.<role>.users A comma-separated list of users that can be assigned to a role. The role can be admin, readonlyAdmin, or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | CSV | - |
com.unraveldata.rbac.role.<role>.groups A comma-separated list of groups that can be assigned to a role. The role can be admin, readonlyAdmin, or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | CSV | - |
com.unraveldata.rbac.role.<role>.data.user.filter User data filter, if enabled, data is filtered on the username. The role can be admin or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | boolean | FALSE |
com.unraveldata.rbac.role.<role>.data.tags.filter Tags data filter, if enabled, data is filtered on the user tags. The role can be admin or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | boolean | FALSE |
com.unraveldata.rbac.role.<role>.data.es.query Query data filter, if enabled, data is filtered on the given valid ElasticSearch query. The role can be admin or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | string | - |
com.unraveldata.rbac.role.<role>.data.field.<field> Fields data filter, if enabled, data is filtered on the supported ElasticSearch fields for the given values. The <field> should be in the supported field list. The role can be user or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | CSV | - |
com.unraveldata.rbac.role.<role>.views The views that are shown for a specific role. This is configured based on the View ID list. The role can be user or custom_role, which is set using com.unraveldata.rbac.roles property. | Optional | CSV | clusters.resources, clusters.chargeback, compute, jobs |
com.unraveldata.rbac.user.field The ElasticSearch user field property name is used as the key by which data is filtered on the username. | Optional | string | userName |
com.unraveldata.rbac.tagcmd The file path, which contains the map of users to custom groups. | Optional | string | - |
com.unraveldata.login.tags A comma-separated list of tags. For example: proj, dept. | Optional | CSV | - |
com.unraveldata.login.tag.<tag>.regex.find Regex of the available tag. The regex gets the tag values by matching with the user's groups. | Optional | string | - |