I am able to obtain information about the current deployments on the JBoss Server via JBoss CLI. (deployment-info)
I can connect to the JBoss CLI directly from the ssh terminal or from an web interface (Management console).
By using the CLI there would be much more possible then querying the deployment info.
Does anybody know if it is possible to have an user which has restricted or limited rights for the JBoss CLI?
So that this user has only rights to query the deployment information but nothing else, for instance.
You can RBAC for JBoss instance and configure user with 'monitor' role. User with this role can only perform Read-only operation. Go through documentation for more details on RBAC
Related
I have installed several application on a BizTalk 2020 server using BTDF 5.8 where I used to the application settings in the deployment to update any config for the BizTalk applications.
My own account is part of the SSO admin group and I use the in proc host account to install the apps into the BizTalk server. The proc host account is also part of the SSO admin group.
When I view the SSO using the admin or client utility no apps are shown. I also downloaded and run the BizTalk-Server-SSO-Application-Configuration-Tool. The tool also showed no current installed applications, but was able to add an application with it config.
But ideally I would like to view and edit current config as I am currently getting an error on a server with incorrect value.
Is there another tool to view and edit settings or am I missing something that must be enabled.
I want to give access to my developer to my MongoDB which is hosted by an EC2 Instance on AWS.
He should be able to make mongodump, upload the new backend and do some changes on our control Panel.
I created an IAM User with EC2FullAccess Permissions - I have seen that he was able to add his own IP to the Security Group so he could connect.
I don't feel so comfortable with that - what should I do, to secure myself that he has just enough access to do the necessary work:
Upload new code to server
Do MongoDB dump
I don't want him to be able to switch off/delete my instance or be able to delete my database at all.
Looking at your use case, you do not need to give any EC2 permissions, your developer does not even need IAM user, he can simply have the IP of the instance and the login credentials to the EC2 Instance, that should be suffice to log in to the instance and make the required changes. No need for an IAM user or AWS Console access.
IAM roles are for the purpose of accessing a service on behalf of another. Say, you want to access AWS DynamoDB or S3 from EC2 instance. In this case, an IAM role with required permissions attached to EC2 will server the purpose.
IAM User is for users who need access to AWS services either through Console or through API (programmatic). AWS credentials are required to access the service.
In your case, MongoDB is installed on EC2 and your developer needs access to "the server on which MongoDB is installed" and is not required any access of "AWS EC2 Service".
As correctly pointed out in answer by #X-Men, IAM role or IAM user is not at all required. What required is, your developer to have the IP of server and credentials to login to that server. Username-password or username-key.
Restriction which you need on developer related to MongoDB are to be configured on MongoDB itself and not on EC2 level.
When I create a binding with the service MongoDB, CF creates me a new user and provides me credentials/db name which cannot access the 'local' database as the user has not the admin role.
See below in the screenshot, I can access the 'local' database on my MongoDB installed locally on my PC and on the CF database (connected with SSH) I can only accesses the DB '201af166f4b82788' and I do not see the 'local'.
How could I grant access to the local DB to my CF user?
Thanks!
It looks like your Mongodb provider does not give you the permissions to do this. I don't think there's anything you can do to circumvent the permissions given by your provider.
If you have a legit use case that needs access, you should contact the Support team for your Mongodb provider and see if they can do anything to help.
Other options would be to find a different Mongodb provider, perhaps one that can provide you with a dedicated Mongodb server or host your own Mongodb. If you host your own then you can configure it to do whatever you want.
If you end up hosting your own or using a provider that's outside of your Cloud Foundry marketplace, you can create a user provided service (see cf cups) with the information, bind that to your app and read the information just like you would from a provider in the marketplace.
Hope that helps!
I have created a space and a BigInsight cluster on Bluemix. In order to test Knox, I need multiple users for authentication. Is it possible to create users in Bluemix Biginsight service? The ID that is provided to access the cluster does not have root access. Also, it would be helpful if someone can explain in detail how the admin-related task(adding more components like Hue,Drill using yum commands) could be performed in Bluemix Biginsights service. Thanks in advance.
I am guessing here that you have created a Bluemix Biginsights Basic (Beta) plan.
This service is a single user service and cannot have multiple users.
In addition this service is a managed service and installation of software by the user is not allowed.
This service comes with preconfigured settings and pre-installed softwares that is fixed. If you do need something apart from this, I would suggest to open a Biginsights service ticket through Bluemix Support page with a request for it and why you need the software.
The product management team will look at it and see if they can be preinstalled in the future release.
These installations will not be done on a any Basic (Beta) plan for individual clusters.
How to find the GCR LDAP server administrator ID to configure the Enterprise Workload Manager on z/OS?
I am looking for the value of the Global Configuration Repository (GCR) LDAP server administer ID to configure the Enterprise Workload Manager on z/OS.
This is about an paramter, which is used to enter the "installEWLM" command. Do anybody have an example for the Global Configuration Repository (GCR) LDAP server administer ID?
While searching, I just found, in another case, that for the LDAP user is used "cn=root".
I am working with the manual http://publib.boulder.ibm.com/infocenter/eserver/v1r2/index.jsp?topic=%2Fewlminfo%2Feicaainstallewlmzos.htm (GCR required on page 169).
Thanks!