Repository Backups: No Permissions Left Behind

| October 10, 2016 | 0 Comments

We’re excited to announce the beginning of our blog series, “DevOptimus Prime’s Tool Tips!” This series will explore DevOps and Continuous Delivery tools, best practices, how-to’s, and new features. Transform your release pipeline with DevOptimus Prime’s Tool Tips. 


XL Deploy includes fine-grained access control that ensures the security of your middleware and deployments. The security mechanism is based on the concepts of principals, roles, and permissions.

 

Principles, Roles, and Permissions

Principles

A security principal is an entity that can be authenticated in XL Deploy. Out of the box, XL Deploy supports only users as principals; users are authenticated by means of a user name, and password. When using an LDAP repository, users and groups in LDAP are also treated as principals.

For more information about LDAP, refer to How to connect to your LDAP or Active Directory.

Roles

Roles are groups of principals that have certain permissions in XL Deploy. Roles are usually identified by a name that indicates the role the principals have within the organization, for example, deployers. In XL Deploy, permissions can only be granted to or revoked from a role.

When permissions are granted, all principals that have the role are allowed to perform some action or access repository entities. You can also revoke granted rights to prevent the action in the future.

Permissions

Permissions are rights in XL Deploy. Permissions control what actions a user can execute in XL Deploy, as well as which parts of the repository the user can see and change. XL Deploy supports global and local permissions.

Global permissions

Global permissions apply to XL Deploy and its repository.

The following table shows the global permissions that XL Deploy supports.

Permission Description
admin Grants all rights within XL Deploy.
discovery The right to perform discovery of middleware.
login The right to log into the XL Deploy application. This permission does not automatically allow the user access to nodes in the repository.
security#edit The right to administer security permissions.
task#assign The right to reassign any task to someone else.
task#takeover The right to assign any task to yourself.
task#preview_step The right to inspect scripts that will be executed with steps in the deployment plan.
report#view The right to see all the reports. When granted, the UI will show the Reports tab. To be able to view the full details of an archived task, a user needs read permissions on both the environment and application.
controltask#execute The right to execute control tasks on configuration items.

Local permissions

In XL Deploy, you can set local security permissions on repository nodes (such as Applications or Environments) and on directories in the repository.

Continue learning about roles and permissions in XL Deploy.

 

Command-line Interface Import/Export

When managing XL Deploy, you need to maintain regular backups of your repository so you can restore in case of failure. You can simply back up the whole repository or use the CLI based method for import/export. This method allows you to export the XL Deploy repository tree to a ZIP file that can be imported into the same or another XL Deploy server. The ZIP file contains all configuration item (CI) properties, including artifact files.

For example, you can use this feature to create CIs in a sandbox or test instance of XL Deploy and then import them into a production XL Deploy instance.

Export and import of all the permissions and roles that are applied either globally or on individual hierarchies is not supported. However, you can use the custom cli script, Export/Import roles and permissions, which can help you with both import and export of all roles/permissions in a JSON file.

Here’s how you can use it:

  • Download the raw file and save it as a python script.
  • Go to XL Deploy CLI client.
  • Copy the script under CLI_HOME/ext folder.
  • Start the CLI and connect to the target XL Deploy Server.
  • To Export, use the following command : exportSecToFile(absoluteDirectorypath)
    e.g., exportSecToFile("/user/myuser/home/") This will write security.json in that folder.
  • To Import in a fresh instance, use the following command : importSecFromFile(absoluteDirectorypath)
    e.g., importSecFromFile("/user/myuser/home/security.json")

 

NOTE: Make sure you’ve imported the infrastructure, environment, and other hierachies first before using this script, otherwise you’ll receive an error if it can’t find a hierachy to apply permissions to.

 


Continue mastering XL Deploy with our XL Deploy how-to page. It shows users all the tips and tricks they need to optimize their pipeline and start releasing software faster.


About the Author ()

Amit is the Lead Pre-Sales Solution Architect managing US Pre-Sales Team at XebiaLabs.