User and access management in the JSON risk app is straightforward due to the simple access rights concept. The permissions of a user are defined by the access rights below:
u
- manage users (admin permission)r
- read dataw
- write datax
- execute jobs
Setting up users requires a user with the u
permission. A new instance of the JSON risk app has no users. Therefore, you need to set up at least one user on the command line. That is what the jr_user_add
command is for. The command ./jr_user_add INSTANCE USER
adds a new user with name USER
and permission u
in the instance INSTANCE
. If the instance does not exist, it is created.
The jr_user_add
command asks for a password. Your input is subject to the naming conventions below:
- A username can only contain letters, numbers, hyphens and underscores.
- An instance can only contain letters, numbers, hyphens and underscores.
- A password cannot contain whitespace.
An admin user (i.e., one with the u
permission) can manage all user accounts in the user management applet by clicking Accounts
. The applet supports a list of actions:
- Add a new user: Clicking the button
Add User
opens a dialog with the fields name, email and permissions. An E-Mail address is needed for passwordless login. ClickingSave
stores the new user. The buttonCancel
closes the dialog without any changes. A newly added user does not have a password. In order to add a user with a password, use thejr_user_add
command and subsequently change permissions and set an E-Mail address in the user interface. - Edit an existing user: Clicking the button
Edit
for an existing user in the list opens a dialog with the fields name, email and permissions. An E-Mail address is needed for passwordless login. ClickingSave
stores the modified user. The buttonCancel
closes the dialog without any changes. - Lock and unlock users: Click
Lock
on an unlocked user orUnlock
on a locked user.
Each user can change his own password in the user management applet by clicking Update password
. In the dialog that opens, users can supply a new password.
For passwordless login, a valid E-Mail configuration (SMTP credentials) has to be setup in the file .security.json
in the installation directory. Here is an example of a valid JSON file.
{
"mail": {
"host": "mail.example.net",
"port": 587,
"username": "example",
"password": "secret",
"external_host": "https://jsonrisk.example.net"
}
}
If a user has been stored with a valid E-Mail address, the user can login passwordless by just entering instance name and user name into the login prompt and leaving the password field empty. That works even if the user does not have a password set. Once a user is logged in, the user can also set a password.