The configuration file for Ctlcenter is
This file is typically configured correctly for you out of the box on a vanilla install of ControlTier. It is also rewritten when server-setup.sh is executed.
TODO: more detail about config properties
(Feature available as of version Requires Version: 3.5.4)
Role mapping is a way of adapting the User Roles provided by your authentication system to the Application Roles used by the Ctlcenter web app. This lets you work with whatever authentication provider based roles you have.
- Application Roles
- Role names used by the CTL Center application for testing whether the user is allowed to perform certain actions
- User Roles
- Role names used by an authencation system
These properties provide a mapping of allowed Application Roles to a set of specified User Roles. The defaults shown here match the set of default User Roles installed in the "file based login" mechanism when you install ControlTier.
If you use your own directory-based authentication (LDAP or AD) you may need to modify the roles you use, especially if you are unable to change the roles/groups that User profiles are assigned to in your directory.
These are the Application Roles that the role mapping can override:
|Application Role name||description||default User Role mapping|
|admin||Super user - all application actions are allowed||admin|
|user_admin||modify user profiles||admin|
|workflow_create||Create new Jobs||architect|
|workflow_update||Edit existing Jobs||architect|
|workflow_kill||Kill running jobs||deploy,build|
|workflow_run||Execute a Job||deploy,build|
|events_read||Read/view Event logs||user|
|events_create||Create new Events||user|
|events_update||Modify Events (unused)||architect|
|events_delete||Delete Events (unused)||architect|
|resources_create||Create Resources (unused)||deploy,build|
|resources_update||Update Resources (unused)||deploy,build|
|resources_delete||Delete Resources (unused)||deploy,build|
|job_view_unauthorized||special role for viewing jobs that the user is unauthorized to run||ct_job_view_unauthorized|
- Note: Setting the mapping value to a comma-separated list of Role names grants that Application Role to a user in any of the mapped roles.
If no role mapping is defined for an Application Role, then the literal name of the Application Role will be tested as the role name. E.g. If "mappedRoles.admin" is not defined, then a role named "admin" will be used.
The default set of roles and mappings are listed here:
# #Map ctlcenter actions to allowed roles # mappedRoles.X=A,B,C # means allow X to users in role A, B or C # mappedRoles.admin=admin mappedRoles.user_admin=admin mappedRoles.workflow_read=user mappedRoles.workflow_create=architect mappedRoles.workflow_update=architect mappedRoles.workflow_delete=architect mappedRoles.workflow_kill=deploy,build mappedRoles.workflow_run=deploy,build mappedRoles.events_read=user mappedRoles.events_create=user mappedRoles.events_update=architect mappedRoles.events_delete=architect mappedRoles.resources_read=user mappedRoles.resources_create=deploy,build mappedRoles.resources_update=deploy,build mappedRoles.resources_delete=deploy,build #special role for viewing jobs unauthorized to run mappedRoles.job_view_unauthorized=ct_job_view_unauthorized
You can replace all of the User Roles shown in this file with your own custom role names from your directory service.
You can modify some display features of the CTL Center GUI by setting these properties:
|ctlcenter.gui.title||Title shown in app header||Test App|
|ctlcenter.gui.logo|| Logo icon path relative to the ||test/test-logo.png|
|ctlcenter.gui.logo-width||Icon width for proper display (32px is best)||32px|
|ctlcenter.gui.logo-height||Icon height for proper display (32px is best)||32px|
|ctlcenter.gui.appsmenu||Show the "Apps.." menu with a link to Workbench (true/false)||true|
|ctlcenter.gui.titleLink||URL for the link used by the app header icon. Defaults to the ControlTier server frontpage URL.||http://google.com|