Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-744

Login to JOC Cockpit should consider the caller IP address

    XMLWordPrintable

Details

    Description

      Current Situation

      • With the JOC Cockpit user Account Management it is possible to manage roles that are assigned to a user.
      • It is possible to define permissions per role depending on the JobScheduler ID that JOC Cockpit is using.

      Desired Behavior

      It should be possible to define permissions per role depending on the callers IP address, e.g. the IP address of the computer that runs the browser that is used to access JOC Cockpit. The assignment should be configured with JOC Cockpit. For this purpose the JobScheduler Master's view in the Manage Accounts panel will be enhanced.

       
       Example 

      • The role "all" by default includes all permissions.
      • If the JobScheduler ID is "test{{"}}, then login is available but no jobs and process classes are visible to the user account.
      • If the caller IP address is "127.0.0.1{{"}}, then no jobs are visible to the user account.

      The value for the IP address can be partly specified. The check will be done from left to right.
      The value "localhost{{"}} can be used as a placeholder for "127.0.0.1"

      all = sos:products, \
      test:sos:products:joc_cockpit, \
      -test:sos:products:joc_cockpit:job, \
      -test:sos:products:joc_cockpit:process_class, \
      ip=127.0.0.1:sos:products:joc_cockpit, \
      -ip=127.0.0.1:sos:products:joc_cockpit:job, \

      It should be possible to combine e.g. the JobScheduler ID "test" with IP address "192.168.2.3" like this:

      all = sos:products, \
      ip=192.168.2.3:test:sos:products:joc_cockpit, \
      -ip=192.168.2.3:test:sos:products:joc_cockpit:process_class

      When a configuration is available for both the JobScheduler ID and the IP address then both permissions will be merged.
      In the above example there is a configuration for the JobScheduler ID "test" and the IP address "192.168.2.3". When the call to JOC Cockpit is executed from a computer with IP address "192.168.2.3" then this configuration will be applied.

      If there are partly and fully specified IP address configurations available such as A.B and A.B.C and A.B.C.D and the callers' computer makes use of the IP address specified with A.B.C.D then all configurations are merged.

      If the client is behind any proxy then the IP address of proxy will be used.

      The ip specialization can be done with ipv4 or ipv6 depending on the value given in the http request.

      Attachments

        Issue Links

          is related to

          Fix - JOC-877 Login takes a longer time since 1.13.2

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Activity

            People

              ur Uwe Risse
              ur Uwe Risse
              Kanika Agrawal Kanika Agrawal
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 1 week
                  1w
                  Remaining:
                  Remaining Estimate - 1 week
                  1w
                  Logged:
                  Time Spent - Not Specified
                  Not Specified