User Permissions
OGEMA supports two types of users: natural users can log in to the OGEMA web interface, whereas machine users can access the OGEMA REST interface. A machine user is required, for instance, by a smartphone app that needs to read data from an OGEMA gateway. Users are assigned certain permissions (the same applies to apps, by the way). The most important ones are ResourcePermissions for both natural and machine users, and WebAccessPermissions for natural users.
A resource permission is required to access data stored in the OGEMA resource database. A user with restricted resource permissions can only access a subset of all resources. Let's assume we have two natural users, master and test, where master has unlimited resource permissions and test may only access resources below the top-level element with path SimulatedFreezer (this example is taken from the OGEMA demokit). When we open the web interface of the basic switch gui app (see demokit), logged in as master, two switchable devices are listed. When we open the same page logged in as the test user, only the SimulatedFreezer device is shown.
TODO screenshot
WebAccessPermissions apply to natural users only. By means of WebAccessPermissions we can restrict the apps that are accessible to a certain user. For example, the demokit also has a user guest, who may only access the OGEMA start page but no other apps. Logging in with this user, the following sad empty page is shown to us:
TODO screenshot
Whereas for the master user it looks as follows:
TODO screenshot
User permissions can be configured statically in the file config/ogema.roles (this only takes effect on a clean start), or dynamically via the framework-administration GUI. Currently, the latter only supports ResourcePermissions for machine users and WebAccessPermissions for natural users. Furthermore, there are shell commands available for managing permissions: ...
TODO screenshots
More details on permissions in OGEMA can be found in the Security Technical Notes.