We’re excited to announce the beginning of our blog series, “DevOptimus Prime’s Tool Tips!” This series will explore DevOps and Continuous Delivery tools, best practices, how-to’s, and new features. Transform your release pipeline with DevOptimus Prime’s Tool Tips.
XL Deploy includes fine-grained access control that ensures the security of your middleware and deployments. The security mechanism is based on the concepts of principals, roles, and permissions.
Principles, Roles, and Permissions
Principles
A security principal is an entity that can be authenticated in XL Deploy. Out of the box, XL Deploy supports only users as principals; users are authenticated by means of a user name, and password. When using an LDAP repository, users and groups in LDAP are also treated as principals.
For more information about LDAP, refer to How to connect to your LDAP or Active Directory.
Roles
Roles are groups of principals that have certain permissions in XL Deploy. Roles are usually identified by a name that indicates the role the principals have within the organization, for example, deployers. In XL Deploy, permissions can only be granted to or revoked from a role.
When permissions are granted, all principals that have the role are allowed to perform some action or access repository entities. You can also revoke granted rights to prevent the action in the future.
Permissions
Permissions are rights in XL Deploy. Permissions control what actions a user can execute in XL Deploy, as well as which parts of the repository the user can see and change. XL Deploy supports global and local permissions.
Global permissions
Global permissions apply to XL Deploy and its repository.
The following table shows the global permissions that XL Deploy supports.
| Permission | Description |
|---|---|
admin |
Grants all rights within XL Deploy. |
discovery |
The right to perform discovery of middleware. |
login |
The right to log into the XL Deploy application. This permission does not automatically allow the user access to nodes in the repository. |
security#edit |
The right to administer security permissions. |
task#assign |
The right to reassign any task to someone else. |
task#takeover |
The right to assign any task to yourself. |
task#preview_step |
The right to inspect scripts that will be executed with steps in the deployment plan. |
report#view |
The right to see all the reports. When granted, the UI will show the Reports tab. To be able to view the full details of an archived task, a user needs read permissions on both the environment and application. |
controltask#execute |
The right to execute control tasks on configuration items. |
Local permissions
In XL Deploy, you can set local security permissions on repository nodes (such as Applications or Environments) and on directories in the repository.
Continue learning about roles and permissions in XL Deploy.
Command-line Interface Import/Export
When managing XL Deploy, you need to maintain regular backups of your repository so you can restore in case of failure. You can simply back up the whole repository or use the CLI based method for import/export. This method allows you to export the XL Deploy repository tree to a ZIP file that can be imported into the same or another XL Deploy server. The ZIP file contains all configuration item (CI) properties, including artifact files.
For example, you can use this feature to create CIs in a sandbox or test instance of XL Deploy and then import them into a production XL Deploy instance.
Export and import of all the permissions and roles that are applied either globally or on individual hierarchies is not supported. However, you can use the custom cli script, Export/Import roles and permissions, which can help you with both import and export of all roles/permissions in a JSON file.
Here’s how you can use it:
- Download the raw file and save it as a python script.
- Go to XL Deploy CLI client.
- Copy the script under CLI_HOME/ext folder.
- Start the CLI and connect to the target XL Deploy Server.
- To Export, use the following command :
exportSecToFile(absoluteDirectorypath)
e.g.,exportSecToFile("/user/myuser/home/")This will write security.json in that folder. - To Import in a fresh instance, use the following command :
importSecFromFile(absoluteDirectorypath)
e.g.,importSecFromFile("/user/myuser/home/security.json")
NOTE: Make sure you’ve imported the infrastructure, environment, and other hierachies first before using this script, otherwise you’ll receive an error if it can’t find a hierachy to apply permissions to.
Continue mastering XL Deploy with our XL Deploy how-to page. It shows users all the tips and tricks they need to optimize their pipeline and start releasing software faster.
The post Repository Backups: No Permissions Left Behind appeared first on XebiaLabs.
