Fabric includes an authentication and authorization mechanism that enables managing user access control and restrictions, such as:
Using roles makes managing permissions much easier. It avoids having to manually grant sets of privileges user by user. For example, several users might be assigned as “administrators”.
User access control management can be performed using either:
Roles are also used to maintain consistency across Fabric and be assigned with many or all of the following permission and actions types:
Fabric database credentials are saved in Cassandra under the k2auth keyspace in the following four tables:
Fabric database credentials are validated each time a user attempts to access Fabric via the console, Web Services or other interfaces. Permissions can be set on an LU level or an LUI level.
Note that to avoid authentication of a user on an LUI level, set DISABLE_LUI_AUTH in the config.ini file to true. By default, this parameter is false.
It is also possible to skip the sync process between Fabric user and Cassandra user by setting SYNC_CASSANDRA_SYSTEM_AUTH in the config.ini file to false. By default, this parameter is true.
Create the users and define their credentials, as follows:
Create a new user and a new role.
Exit Fabric and log in with this user or use the token to invoke a Web Service.
By default, Fabric creates the admin user as the initial superuser when starting for the first time and defines their user and password as "admin". Fabric can also be started for the first time with another initial superuser that is not defined as admin/admin.
Fabric includes an authentication and authorization mechanism that enables managing user access control and restrictions, such as:
Using roles makes managing permissions much easier. It avoids having to manually grant sets of privileges user by user. For example, several users might be assigned as “administrators”.
User access control management can be performed using either:
Roles are also used to maintain consistency across Fabric and be assigned with many or all of the following permission and actions types:
Fabric database credentials are saved in Cassandra under the k2auth keyspace in the following four tables:
Fabric database credentials are validated each time a user attempts to access Fabric via the console, Web Services or other interfaces. Permissions can be set on an LU level or an LUI level.
Note that to avoid authentication of a user on an LUI level, set DISABLE_LUI_AUTH in the config.ini file to true. By default, this parameter is false.
It is also possible to skip the sync process between Fabric user and Cassandra user by setting SYNC_CASSANDRA_SYSTEM_AUTH in the config.ini file to false. By default, this parameter is true.
Create the users and define their credentials, as follows:
Create a new user and a new role.
Exit Fabric and log in with this user or use the token to invoke a Web Service.
By default, Fabric creates the admin user as the initial superuser when starting for the first time and defines their user and password as "admin". Fabric can also be started for the first time with another initial superuser that is not defined as admin/admin.