Authorization is a critical component of any security model for a product. Authorization describes what a user is allowed to do within a system.
The following table provides the key concepts and terminology:
Active Directory Domain Server | Description |
---|---|
Role | A role allows you to assign permissions to an object based on the tasks that users perform. For example, an Admin or a Management role. |
Permission | A permission grants a user or group privileges for a specific object. A permission triplet consists of: |
APEX Cloud Platform Manager relies on the Active Directory Domain Services Role Based Access Control (RBAC) model.
After deployment, you can add users to the following groups to permit access to the management of the cluster:
From AD with LDAPS, you can manage APEX Cloud Platform users through groups that are assigned to roles in Active Directory Domain Server. The APEX Cloud Platform API uses the same Active Directory Domain Server RBAC mechanism. API requests are sent to Active Directory for authentication, and authorization is based on the requesting user's Active Directory Domain Server permissions.
The following roles are available for each component:
Component | User ID | Roles |
---|---|---|
iDRAC | root | Admin |
iDRAC | vxpsvc | Admin |
AD | Customer defined | Management |
APEX Cloud Platform Manager | root | Admin |
APEX Cloud Platform Manager | service | user |
APEX Cloud Platform Manager | mystic | user |
Node | Administrator (After you deploy the cluster, change to ASBuiltinAdmin). | Admin |