Policy and Access Control configuration

ScaleArc's authentication policies contain role definitions; the roles define privileges, which in turn determine the user's or the group's scope of access to ScaleArc and its services.

Use ScaleArc's authentication module to:

  • globally set up the policy to define roles and access control to individual clusters as well as across all clusters.
  • assign users policies that define the type and extent of their access to the clusters.

Configure the authentication policy and access control

ScaleArc uses JSON to set up policy and access control. You can define policies and access control within a single JSON configuration; define the policies first and then associate users or groups to these policies via access control.

Follow these steps to begin:

  1. Click on the SETTINGS menu > User Management > Policy Configuration in the ScaleArc dashboard. 

  2. The Policy and Access control configuration screen appears. 

    Policy_and_Access_Control_Config.png

Define policy

  1. Define one or more policies under the policy element of the JSON configuration. Each policy requires the following attributes:

    Attribute Description
    Name Name of the policy.
    Role The access control role this policy governs. The roles could be any of SuperAdmin, Admin, ReadOnly.
    Clusters The name of the clusters to which this policy provides access. This is a JSON list. If you wish to give access to all clusters use "All."
    Show System Stats Either true or false; this attribute governs whether this policy allows access to the System Stats page.
  2. Use the following example as a guideline to create your own policy.

    Sample policy configuration
    {
        "name": "my_new_readonly_policy",
        "role": "ReadOnly",
        "clusters": [
            "cluster_1"
        ],
        "Show System stat": false
    },
    {
        "name": "my_new_admin_policy",
        "role": "Admin",
        "clusters": [
            "All"
        ],
        "Show System stat": true

Set up access control

ScaleArc lets you assign users or groups to certain policies.

  1. Use the JSON file to assign access from the access control element. During authentication, if a user or a group has multiple policies defined, ScaleArc applies the policy which has the highest 'Grant' for the user.

    Sample policy assignment for user access
    {
        "Users": [],
        "Groups": [],
        "Policy": "SuperAdminDefault"
    },
    {
        "Users": [],
        "Groups": [],
        "Policy": "AdminDefault"
    },
    {
        "Users": [],
        "Groups": [],
        "Policy": "ReadOnly"
    },
    {
        "Users": [],
        "Groups": [
            "admins"
        ],
        "Policy": "my_new_admin_policy"
    },
    {
        "Users": [
            "test_user"
        ],
        "Groups": [],
        "Policy": "my_new_readonly_policy"
    }
  2. After editing the JSON configuration, click on the CONFIGURE button to validate and apply the JSON configuration. You should see a confirmation that the Policy and Access Control configuration was successfully updated.
    Policy_and_access_control_json_success.png

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request