This document explains how user management is done in Datafari, following the RBAC (Role Based Access Control) model.
Datafari uses three Tomcat Realms for authentication. Authentication identifies the user and gives them a personalized environment.
Each user also has a specific role, which grants access to specific areas of Datafari and denies that access to users who do not hold the role.
This functionality is of no use to people who install Datafari on their personal computers.
The steps for authentication are illustrated in the three pictures below.
As shown above, when a user wants to authenticate, Datafari first calls CombinedRealm.
...
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <!-- Outer realm: combines the nested realms below -->
  <Realm className="com.francelabs.realm.CustomCombinedRealm">
    <!-- Database-backed realm: users, password digests and roles -->
    <Realm authDB="db-containing"
           authCollection="users"
           authUserField="username"
           authPasswordField="password"
           authRoleField="role"
           className="com.francelabs.realm.GenericMongoRealm"
           defaultDbHost="localhost"
           defaultDbPass=""
           defaultDbUser=""
           defaultRole="user"
           digest="SHA-256"/>
    <!-- AD/LDAP realm: adapt these values to your directory -->
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ldap.forumsys.com:389"
           userPattern="uid={0},dc=example,dc=com"
           connectionName="cn=read-only-admin,dc=example,dc=com"
           connectionPassword="password"/>
  </Realm>
</Context>
```
...
Regarding the last Realm above, which relates to the AD/LDAP, its configuration depends on your AD/LDAP system. To configure it properly, please follow the Tomcat 7 JNDIRealm how-to page (URL: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html).
Regarding the Cassandra realm configuration: by default, the Cassandra database requires no username and password. Still, you should definitely add a username and a password for the connection to your Cassandra. Once this is done, enter this information in defaultDbUser and defaultDbPass.
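
The advice above can be checked automatically before deployment. The following is an added example, not part of Datafari: a small Python check that parses a realm context file and reports empty `defaultDbUser`/`defaultDbPass` values. It also flags an `ldap://` connection URL, a check that goes beyond what this page states. The sample XML, the host name and the function name `audit_realms` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the realm layout shown on this page.
SAMPLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Realm className="com.francelabs.realm.CustomCombinedRealm">
    <Realm className="com.francelabs.realm.GenericMongoRealm"
           authDB="db-containing" defaultDbHost="localhost"
           defaultDbUser="" defaultDbPass=""
           defaultRole="user" digest="SHA-256"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ldap.example.com:389"
           connectionName="cn=read-only-admin,dc=example,dc=com"
           connectionPassword="password"/>
  </Realm>
</Context>"""


def audit_realms(xml_text):
    """Return (className, finding) tuples for every <Realm>, nested ones included."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for realm in root.iter("Realm"):
        cls = realm.get("className", "<no className>")
        # Page guidance: the database connection must have a username and password.
        for attr in ("defaultDbUser", "defaultDbPass"):
            if attr in realm.attrib and not realm.attrib[attr].strip():
                findings.append((cls, attr + " is empty"))
        # Extra check (assumption, not from the page): prefer ldaps:// for the bind.
        url = realm.get("connectionURL", "")
        if url.lower().startswith("ldap://"):
            findings.append((cls, "connectionURL uses ldap:// rather than ldaps://"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_realms.py path/to/context.xml (no argument: use the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONTEXT
    results = audit_realms(text)
    for cls, finding in results:
        print(cls + ": " + finding)
    sys.exit(1 if results else 0)
```

The script exits with status 1 when it reports anything, so it can gate a deployment step.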