- globally set up the policy to define roles and access control to individual clusters as well as across all clusters.
- assign users policies that define the type and extent of their access to the clusters.
ScaleArc uses JSON to set up policy and access control. You can define policies and access control within a single JSON configuration; define the policies first and then associate users or groups to these policies via access control.
Configure the authentication policy and access control by following these steps:
- Click on the SETTINGS menu > User Management > Policy Configuration in the ScaleArc dashboard.
- The Policy and Access control configuration screen appears.
Define policy
-
Define one or more policies under the policy element of the JSON configuration. Each policy requires the following attributes:
Attribute Description Name Name of the policy. Role The access control role this policy governs. The roles could be any of SuperAdmin, Admin, ReadOnly. Clusters The name of the clusters to which this policy provides access. This is a JSON list. If you wish to give access to all clusters use "All." Show System Stats Either true or false; this attribute governs whether this policy allows access to the System Stats page. -
Use the following example as a guideline to create your own policy.
Sample policy configuration{ "name": "my_new_readonly_policy", "role": "ReadOnly", "clusters": [ "cluster_1" ], "Show System stat": false }, { "name": "my_new_admin_policy", "role": "Admin", "clusters": [ "All" ], "Show System stat": true
Set up access control
ScaleArc lets you assign users or groups to certain policies.
-
Use the JSON file to assign access from the access control element. During authentication, if a user or a group has multiple policies defined, ScaleArc applies the policy which has the highest 'Grant' for the user.
Sample policy assignment for user access{ "Users": [], "Groups": [], "Policy": "SuperAdminDefault" }, { "Users": [], "Groups": [], "Policy": "AdminDefault" }, { "Users": [], "Groups": [], "Policy": "ReadOnly" }, { "Users": [], "Groups": [ "admins" ], "Policy": "my_new_admin_policy" }, { "Users": [ "test_user" ], "Groups": [], "Policy": "my_new_readonly_policy" }
- After editing the JSON configuration, click on the CONFIGURE button to validate and apply the JSON configuration. You should see a confirmation that the Policy and Access Control configuration was successfully updated.