User group: Edit Authorization
This module edits the authorizations of a user group. It supports the actions 'Add', 'Remove' and 'Set' and reads the authorizations to process from a file in JSON format.
Designation
- Name
- mc.UserGroupAuthorizationEdit
Configuration
- Options
- Action (action) - Defines the action to perform. Privileges can be added, removed or set. Possible values: Add (add), Remove (remove), Set (set)
- Authorization file (authorization-file) - The file in JSON format that contains the authorizations to process (see Input)
Description
The module can be used to set, add or remove authorizations for a user group. The authorizations processed by each of these actions must be defined in a file in JSON format; the format of that file is described in the following section. The three actions proceed as follows:
- Add: Appends the entries defined in the JSON file to the end of the list of existing entries. There is no check for duplicate entries.
- Remove: Each entry in the JSON file is compared with the entries of the respective object. All fields of an entry must match for it to be deleted. If an entry occurs more than once, all occurrences are deleted.
- Set: All existing entries are deleted first; the entries from the JSON file are then added as with the Add action.
Input
The JSON file passed to the authorization-file option is structured as in the following example. It is essentially a list of objects.
```json
[
  {
    "group": "1",
    "type": "*",
    "name": "*",
    "read": true,
    "write": true,
    "execute": true,
    "delete": false,
    "cancel": true,
    "executions": true,
    "openReports": true,
    "modifyAtRuntime": true,
    "source": {
      "agent": "ABC",
      "login": "LOGIN1",
      "filename": "/etc/filename"
    },
    "destination": {
      "agent": "DEF",
      "login": "LOGIN2",
      "filename": "/etc/filename"
    }
  },
  {
    "group": "2",
    "type": "CALL",
    "name": "*SYSTEM*",
    "read": true,
    "write": true,
    "execute": false,
    "delete": false,
    "cancel": false,
    "executions": true,
    "openReports": true,
    "modifyAtRuntime": false
  },
  {
    "group": "NOT",
    "type": "*",
    "name": "*SECRETS*",
    "read": true,
    "write": true,
    "execute": true,
    "delete": false,
    "cancel": true,
    "executions": true,
    "openReports": true,
    "modifyAtRuntime": true
  }
]
```
The following rules apply to the properties of the objects:
- If an attribute is not specified, its default value is used (see the table below).
- If invalid values are specified, the entire input file is invalid.
- The two attributes source and destination are objects with the properties agent, login and filename.
Based on these rules, the file from the example above can also be written more briefly:
```json
[
  {
    "read": true,
    "write": true,
    "execute": true,
    "cancel": true,
    "executions": true,
    "openReports": true,
    "modifyAtRuntime": true,
    "source": {
      "agent": "ABC",
      "login": "LOGIN1",
      "filename": "/etc/filename"
    },
    "destination": {
      "agent": "DEF",
      "login": "LOGIN2",
      "filename": "/etc/filename"
    }
  },
  {
    "group": "2",
    "type": "CALL",
    "name": "*SYSTEM*",
    "read": true,
    "write": true,
    "executions": true,
    "openReports": true
  },
  {
    "group": "NOT",
    "name": "*SECRETS*",
    "read": true,
    "write": true,
    "execute": true,
    "cancel": true,
    "executions": true,
    "openReports": true,
    "modifyAtRuntime": true
  }
]
```
An overview of all attributes, their types and the default values can be found in the following table.
| Attribute | Type | Default value | Description |
|---|---|---|---|
| group | String | 1 | Can contain the numbers 1-9 or the keyword NOT |
| type | String | * | Contains either the short name of an object type or * |
| name | String | * | Object name filter |
| read | Boolean | false | Read privilege |
| write | Boolean | false | Write privilege |
| execute | Boolean | false | Execute privilege |
| delete | Boolean | false | Delete privilege |
| cancel | Boolean | false | Cancel privilege |
| executions | Boolean | false | Executions privilege |
| openReports | Boolean | false | Open report privilege |
| modifyAtRuntime | Boolean | false | Modify at runtime privilege |
| source | Object | * for each attribute | Filter for agent, login and file name of the source |
| destination | Object | * for each attribute | Filter for agent, login and file name of the destination |
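The following added example (not the module's own code) shows how the default rules from the table and the Add/Remove/Set semantics from the Description fit together: a short-form entry is filled in from the defaults, invalid attributes or types make the file invalid, and Remove drops every existing entry that matches in all fields. It assumes that defaults are applied before the Remove comparison and that entries are compared as plain dictionaries; the function names and the sample input are constructed for this illustration.

```python
import json
from copy import deepcopy
# Defaults taken from the attribute table above; source/destination default to "*" per field.
DEFAULTS = {
    "group": "1", "type": "*", "name": "*",
    "read": False, "write": False, "execute": False, "delete": False,
    "cancel": False, "executions": False, "openReports": False,
    "modifyAtRuntime": False,
    "source": {"agent": "*", "login": "*", "filename": "*"},
    "destination": {"agent": "*", "login": "*", "filename": "*"},
}
GROUPS = {str(n) for n in range(1, 10)} | {"NOT"}
def normalize(entry):
    # Fill in defaults; an unknown attribute or a wrong type makes the whole file invalid.
    unknown = set(entry) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown attribute(s): {sorted(unknown)}")
    full = deepcopy(DEFAULTS)
    for key, value in entry.items():
        if key in ("source", "destination"):
            if (not isinstance(value, dict) or set(value) - set(full[key])
                    or not all(isinstance(v, str) for v in value.values())):
                raise ValueError(f"{key} must be an object with string agent/login/filename")
            full[key].update(value)
        elif type(value) is not type(DEFAULTS[key]):  # bool vs string, no coercion
            raise ValueError(f"{key} has the wrong type")
        else:
            full[key] = value
    if full["group"] not in GROUPS:
        raise ValueError(f"group must be 1-9 or NOT, got {full['group']!r}")
    return full

def load_authorization_file(text):
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("authorization file must be a JSON list of objects")
    return [normalize(e) for e in data]

def apply_action(action, existing, entries):
    # add: append without duplicate check; remove: drop every existing entry that
    # matches an input entry in all fields; set: replace the list entirely.
    if action == "add":
        return existing + entries
    if action == "remove":
        return [e for e in existing if e not in entries]
    if action == "set":
        return list(entries)
    raise ValueError(f"unknown action {action!r}")
# Constructed sample: the second object of the page's example in its short form.
SAMPLE = '[{"group": "2", "type": "CALL", "name": "*SYSTEM*", "read": true, "write": true, "executions": true, "openReports": true}]'
```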