How do I set up authentication groups?
A permissions file must be created when authentication is configured for FeatureBase Community.
The permissions file:
- maps the identity provider (IdP) group IDs to read/write permissions to specified FeatureBase indexes
- has one group ID for cluster-level administration access.
Users cannot authenticate with FeatureBase if they do not belong to a group, or the group has no permissions granted to FeatureBase indexes.
Table of contents
Before you begin
- Configure TLS authentication
- Create
permissions.yamlin/<featurebase-install-directory/opt/
Permissions syntax
user-groups:
"<group-id1>":
"<index1>": "<write>"
"<index2>": "<read>"
"<group-id2>":
"<index1>": "<read>"
admin: "<groupd-id3>
Parameters
| Parameter | Description |
|---|---|
<group-id1> | name of equivalent group in IdP. |
<index-n> | FeatureBase index to grant as read/write to the group. |
admin | Designated administrator group. |
Additional information
-
Restart the FeatureBase Community server if you make alterations to the permissions file
- When TLS is enabled, the scheme must be explicitly defined as
httpsinfeaturebase.confand in the command-line. /featurebase.confand/featurebase-install-directory/opt/parameters.yamlmust be duplicated on all nodes of a FeatureBase cluster.