GigaSpaces Ops Manager Authorization
GigaSpaces provides role-based security that provides access based on the user's intended activity in the organization.
User Roles
InsightEdge Ops Manager provides advanced capabilities of services monitoring, data analysis, and connectivity to multiple data sources. These capabilities are divided into a list of screens and features with permissions for logging user roles:
- Admin (superuser) – has access to all capabilities including features related to services orchestration that has high impact on the environment resources consumption (e.g. scale up/down of service partitions).
- Manager – can deploy one or many services and connect with client applications and other components such as databases, Kafka, etc. A Manager will deploy services, will test them – function and performance - and analyze the data behavior within the Space.
- Viewer – data expert with a goal to view, interact with and query the data.
Roles and Permissions in Ops Manager
The following table lists the various functionalities available in Ops Manager, based on the user's assigned role.
|
Screen/Feature |
Description |
Roles |
|
Monitor My Services Screen |
Enable/disable user role to review the deployed services within GigaSpaces grid including screens of services overview, drill-down to single service, drill-down to instance level etc. Outcome: User role with no permission to monitor services will not be able to access these screens through the landing page or navigation panel. All screens related to services monitoring are hidden. |
Admin, Manager |
|
Deploy a Service |
For user role that can review and monitor services, enable/disable the ability to deploy a new service through the Ops Manager. Outcome: User role with no permission to deploy a service will not see/be able to activate the deploy feature at any orchestration layer – ServiceGrid, Kubernetes. |
Admin, Manager |
|
On-Demand Scale Up/Down for a Service and a Partition |
Enable/disable the view and activation of the Scale Up/Down feature at the level of a service (all partitions) and for a single partition. This is valid for Kubernetes. Outcome: The Scale Up/Down feature at service or partition level is hidden for user role that does not have permission. |
Admin |
|
On-Demand Scale Out/In for a Service |
Enable/disable the view and activation of the Scale Out/In feature at the level of a service. This is valid for ServiceGrid orchestration. Outcome: The Scale Out/In feature at service level is hidden for user role that does not have permission. |
Admin |
|
Download Logs |
Enable/disable the ability to download log files to client. This feature is valid at all orchestration layers. Outcome: The Download Logs feature is available in the user interface for user role that has permission to download to their client. |
Admin, Manager |
|
View Logs |
Enable/disable the ability to viewing partition log files with Ops Manager. This feature is valid at all orchestration layers. Outcome: The View Logs feature is available in the user interface for user role that has this permission. |
Admin, Manager |
|
Analyze my Data Screen |
Enable/disable user role to review the deployed spaces and their entities including metrics/performance and queries. Outcome: User role with no permission to analyze data will not be able to access these screens through the landing page nor navigation panel. All screens related to data analysis and queries are hidden. |
Admin, Manager, Viewer |
|
SQL Query |
Enable/disable the ability to define and execute SQL queries. For user role with no permission – the SQL query tab will be hidden with no access to data. Outcome: The SQL query tab is hidden at both Space and object type levels for user role with no permission. |
Admin, Manager, Viewer |
|
Objects Analysis |
Enable/disable the ability to trigger the Object Analysis (on-demand and scheduled) process or to review reports/last run report. This is valid for all orchestration layers. Outcome: User role with no permission to trigger the object analysis feature will not have these actions as part of their Space screen. |
Admin |
|
Connect to Data Sources Screen |
Enable/disable user role to access the data sources screen and connect/fetch data. Outcome: User role with no permission to connect to data sources will not be able to access these screens through the landing page or navigation panel. All screens related to data analysis and queries are hidden. |
Admin, Manager |
|
Deploy a Blueprint |
Enable the ability to automatically deploy a blueprint using either ServiceGrid or Kubernetes as the orchestration layer. All user roles that have access to the data sources screen can download a blueprint but need specific permission to deploy it from the Ops Manager. Outcome: The automatic deploy of a blueprint is available/visible only for user roles that have this permission. |
Admin, Manager |
