Issue:
How can I restrict user access to a particular app in Fusion using Fusion permissions?
Environment:
Fusion
Resolution:
Steps:
- Create a Role
- Create a User
- Assign the Role to the User.
Create a Role:
Under Fusion UI -> Go to settings -> Access Control
- Click on Roles
- Click on Add Role
- Give any name based on your requirement (QAEngineer) -> AddRole
- You’ll get an edit window to add permissions, description and UI permission.
- Specify permissions based on your requirement.
- To restrict a user access to a particular app, we are specifying below mentioned permissions.
GET,HEAD,POST,PUT,DELETE:/apps/<YOURAPPNAME>/**
GET,HEAD:/apps/
GET,HEAD:/blobs/**
GET,HEAD:/collections/*
GET,HEAD:/configurations/**
GET,HEAD:/index-pipelines/**
GET,HEAD:/query-pipelines/** GET,POST,PUT,DELETE,HEAD:/collections/<YOURCOLLECTIONNAME>/** GET,POST,PUT,DELETE,HEAD:/collections/<YOURCOLLECTIONNAME>_items_for_item_recommendations/** GET,POST,PUT,DELETE,HEAD:/collections/<YOURCOLLECTIONNAME>_items_for_user_recommendations/** GET,POST,PUT,DELETE,HEAD:/collections/<YOURCOLLECTIONNAME>_signals/** GET,POST,PUT,DELETE,HEAD:/collections/<YOURCOLLECTIONNAME>_signals_aggr/** GET,POST,PUT,DELETE,HEAD:/experiments/** GET,POST,PUT,DELETE,HEAD:/index-stages/** GET,POST,PUT,DELETE,HEAD:/jobs/** GET,POST,PUT,DELETE,HEAD:/query-stages/** GET,POST,PUT,DELETE,HEAD:/scheduler/** GET,POST,PUT,DELETE,HEAD:/stopwords/** GET,POST,PUT,DELETE,HEAD:/suggestions/collections/<YOURCOLLECTIONNAME>/** GET,POST,PUT,HEAD:/connectors/** GET,POST,PUT,HEAD:/history/** GET,POST,PUT,HEAD:/index-profiles/** GET,POST,PUT,HEAD:/parsers/** GET,POST,PUT,HEAD:/prefs/apps/search/* GET,POST,PUT,HEAD:/query-profiles/** GET,POST,PUT,HEAD:/tasks/** GET,POST,PUT:/appkit/** GET,POST,PUT:/usage/** GET,POST:/dynamicSchema/** GET,POST:/query/** GET:/features/** GET:/introspect/** GET:/license GET:/links/** GET:/solr/<YOURCOLLECTIONNAME>/** GET:/spark/schema GET:/system/autocomplete/** GET:/templates/** PATCH:/users/{id}:id=#ID POST,PUT,DELETE:/index-pipelines/<YOURINDEXPIPELINE>/** POST,PUT,DELETE:/query-pipelines/<YOURQUERYPIPELINE>/** POST:/index/**
- Add a description (optional)
- Under UI permission : enable the UI permission based on your requirement, In this test we are giving full access (*).
- Save the permission --> a new Role will be created.
Create a user & assign "QAEngineer" role
- Under Fusion UI -> Go to settings -> Access Control
- Click on User
- Add User
- Select your Realm -> Enter username and password
- Under roles -> select QAEngineer Role.
- Click on create -> a new user will now be created and will be assigned "QAEngineer" role.
Now, you can login to fusion UI with the new username and the password,Your access and visibility will be restricted to a single App
User: "RakeshMaski" is restricted to access/View only RakeshACLAPP. The rest of the apps are hidden for this user.
Cause:
Comments
0 comments
Please sign in to leave a comment.