Role-Based Access Control (RBAC) is a mechanism for specifying a set of permissions for management users. It allows multiple users to share responsibility for managing servers without each of them requiring unrestricted access. This "separation of duties" makes it easy to spread responsibility between individuals or groups without granting unnecessary privileges. The result is tighter security for your servers and data while still providing flexibility for configuration, deployment, and management.
Role-Based Access Control works through a combination of role permissions and constraints. Seven predefined roles are provided that each have different fixed permissions. The predefined roles are: Monitor, Operator, Maintainer, Deployer, Auditor, Administrator, and SuperUser. Each management user is assigned one or more roles, which specify what the user is permitted to do when managing the server.
Important: Before changing the provider to rbac, be sure your configuration has a user who will be mapped to one of the RBAC roles, preferably with at least one in the Administrator or SuperUser role. Otherwise your installation will not be manageable unless it is shut down and the XML configuration is edited.
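A pre-flight check for the warning above, as an added example that is not part of the original page or the product's own tooling: it reads the management XML and reports whether any user is mapped to a role, and whether one holds Administrator or SuperUser, before the provider is switched to rbac. The element names (role-mapping, role, include, exclude, user) are assumed to follow the WildFly/JBoss EAP configuration layout, and the sample document and user names are constructed.

```python
import xml.etree.ElementTree as ET

ADMIN_ROLES = ("Administrator", "SuperUser")

# Constructed sample. Element names assume a WildFly/JBoss EAP style layout.
SAMPLE = """<server xmlns="urn:example:constructed">
  <management>
    <access-control provider="simple">
      <role-mapping>
        <role name="Monitor">
          <include><user name="alice"/></include>
        </role>
        <role name="Administrator">
          <include><user name="bob"/></include>
          <exclude><user name="bob"/></exclude>
        </role>
      </role-mapping>
    </access-control>
  </management>
</server>"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def mapped_principals(xml_text):
    """Return {role: {(kind, name)}} of included principals that are not excluded."""
    roles = {}
    for mapping in ET.fromstring(xml_text).iter():
        if local(mapping.tag) != "role-mapping":
            continue
        for role in mapping:
            found = {"include": set(), "exclude": set()}
            for section in role:
                if local(section.tag) in found:
                    found[local(section.tag)] |= {
                        (local(p.tag), p.get("name")) for p in section}
            roles[role.get("name")] = found["include"] - found["exclude"]
    return roles

def preflight(xml_text):
    """Classify the config before the provider is switched to rbac."""
    roles = mapped_principals(xml_text)
    if not any(roles.values()):
        return "unmanageable"   # no user maps to any role
    if not any(roles.get(r) for r in ADMIN_ROLES):
        return "no-admin"       # users mapped, none in Administrator/SuperUser
    return "ok"
```

In the constructed sample, bob is both included in and excluded from Administrator, so the check reports "no-admin" even though the role looks populated at a glance.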