Question:
How to add groups to assign pipeline permissions to sets of users in an environment where the Data Collector is enabled with LDAP
Answer:
Regarding mapping LDAP groups to Data Collector roles:
- You map LDAP groups to Data Collector roles. An authenticated user account that belongs to that LDAP group can complete the tasks determined by the mapped role.
- After you map LDAP groups to Data Collector roles, you can assign pipeline permissions to the groups. Pipeline permissions determine the pipeline access that each user has. For example, say you have an LDAP Developer group for all pipeline developers. When you configure the Data Collector LDAP properties, you assign the Creator role to the Developer group so they can create new pipelines. To allow the group to edit existing pipelines, you configure the permissions for each pipeline and assign read and write permission to the Developer group.
- To map LDAP groups to Data Collector roles, configure the http.authentication.ldap.role.mapping property.
Regarding the pipeline permissions in the Data Collector:
- To use pipeline permissions, enable the pipeline.access.control.enabled Data Collector configuration property, and configure the permissions on a pipeline-by-pipeline basis. By default, the pipeline.access.control.enabled property is disabled.
- Note: When enabled, the pipeline owner and users with the Admin role have full access to a pipeline, and other users have no access.
- Then, you can configure Sharing Pipelines from the SDC UI --> Home page, select the pipeline, click the More icon, and click Share, or from the pipeline canvas, click the Share icon:
