DSA Permissions Basics
Root level or global permissions and node-level permissions are set in the server.json file. Project permissions are set in the DGLux UI.
This is a basic permission definition structure in server.json file.
[permissionGroup, permissionValue]
permissionGroup could have one of the following values: username, dsId, custom group name or default.
permissionValue could have one of the following values: config, write, read, list, none.
This sets permissions for users defined in users.json for the entire DSA server instance. The following structure has to be set in server.json
"defaultPermission": [
[":config","config"],
[":write","write"],
[":read","read"],
[":user","read"],
[":trustedLink","write"],
["default","none"]
]
Important Note:
Setting global permission in server.json is mandatory to enable permissions on nodes. Otherwise, the broker ignores the permission settings.
How to set permission for the node:
The following list of users available in the system.
If you log in as UserA who doesn't have any write permissions. Trying to add a param, this is not working.
Now log in as a super user (e.g., dgSuper).
Set the following permission for the MySQL DSLink -> DGLuxDG (DB connection) DB Connection details.
Permission Details:
Path: /downstream/MySQL/DgluxDB
Permissions:
[["userA","write"], ["default","none"]]
Right click on /sys -> Update Permissions
Provide the above details and click Invoke.
The same permission could be verified using /sys -> Get Permissions for the same Path.
Restart the server:
Check the updated permissions in the DSA server's conns.json file.
Now log in as UserA for which the permissions have been set and try to add an attribute on the node.
This time the operation is successful.
In the same way, you can use permissions with groups.