GigaSpaces Ops Manager Authorization

GigaSpaces provides role-based security that provides access based on the user's intended activity in the organization.

User Roles

InsightEdge Ops Manager provides advanced capabilities of services monitoring, data analysis, and connectivity to multiple data sources. These capabilities are divided into a list of screens and features with permissions for logging user roles:

  • Admin (superuser) – has access to all capabilities including features related to services orchestration that has high impact on the environment resources consumption (e.g. scale up/down of service partitions).
  • Manager – can deploy one or many services and connect with client applications and other components such as databases, Kafka, etc. A Manager will deploy services, will test them – function and performance - and analyze the data behavior within the Space.
  • Viewer – data expert with a goal to view, interact with and query the data.

Roles and Permissions in Ops Manager

The following table lists the various functionalities available in Ops Manager, based on the user's assigned role.

Screen/Feature

Description

Roles

Monitor My Services Screen

Enable/disable user role to review the deployed services within GigaSpaces grid including screens of services overview, drill-down to single service, drill-down to instance level etc.

Outcome: User role with no permission to monitor services will not be able to access these screens through the landing page or navigation panel. All screens related to services monitoring are hidden.

Admin, Manager

Deploy a Service

For user role that can review and monitor services, enable/disable the ability to deploy a new service through the Ops Manager.

Outcome: User role with no permission to deploy a service will not see/be able to activate the deploy feature at any orchestration layer – ServiceGrid, K8s, ElasticGrid.

Admin, Manager

On-Demand Scale Up/Down for a Service and a Partition

Enable/disable the view and activation of the Scale Up/Down feature at the level of a service (all partitions) and for a single partition. This is valid for Kubernetes and ElasticGrid.

Outcome: The Scale Up/Down feature at service or partition level is hidden for user role that does not have permission.

Admin

On-Demand Scale Out/In for a Service

Enable/disable the view and activation of the Scale Out/In feature at the level of a service. This is valid for ElasticGrid and ServiceGrid orchestration methods.

Outcome: The Scale Out/In feature at service level is hidden for user role that does not have permission.

Admin

Download Logs

Enable/disable the ability to download log files to client. This feature is valid at all orchestration layers.

Outcome: The Download Logs feature is available in the user interface for user role that has permission to download to their client.

Admin, Manager

View Logs

Enable/disable the ability to viewing partition log files with Ops Manager. This feature is valid at all orchestration layers.

Outcome: The View Logs feature is available in the user interface for user role that has this permission.

Admin, Manager

Analyze my Data Screen

Enable/disable user role to review the deployed spaces and their entities including metrics/performance and queries.

Outcome: User role with no permission to analyze data will not be able to access these screens through the landing page nor navigation panel. All screens related to data analysis and queries are hidden.

Admin, Manager, Viewer

SQL Query

Enable/disable the ability to define and execute SQL queries. For user role with no permission – the SQL query tab will be hidden with no access to data.

Outcome: The SQL query tab is hidden at both Space and object type levels for user role with no permission.

Admin, Manager, Viewer

Objects Analysis

Enable/disable the ability to trigger the Object Analysis (on-demand and scheduled) process or to review reports/last run report. This is valid for all orchestration layers.

Outcome: User role with no permission to trigger the object analysis feature will not have these actions as part of their Space screen.

Admin

Connect to Data Sources Screen

Enable/disable user role to access the data sources screen and connect/fetch data.

Outcome: User role with no permission to connect to data sources will not be able to access these screens through the landing page or navigation panel. All screens related to data analysis and queries are hidden.

Admin, Manager

Deploy a Blueprint

Enable the ability to automatically deploy a blueprint using either ServiceGrid or Kubernetes as the orchestration layer. All user roles that have access to the data sources screen can download a blueprint but need specific permission to deploy it from the Ops Manager.

Outcome: The automatic deploy of a blueprint is available/visible only for user roles that have this permission. 

Admin, Manager