Users, RBAC and Authentication#
By default, the portal uses local authentication. You can also use LDAP as the source of authentication.
A Role-Based Access Control controls access to modules and data.
Unryo supports multi-tenancy, by providing a very flexible mechanism to partition information by department, business service, site, or any logical group. You can configure fine-grained access to users using any combination of metadata tags.
Manage Users and Groups#
This is the section where you can create, modify, and remove individual user accounts or groups.
Platform Administration >
Integration with external authentication services#
The Unryo Platform is currently capable of using LDAP servers as a source of authentication information. You can access this via your Unryo Portal:
Step 1: Click on the gear icon at the top right and then on "Users & Groups".
Step 2: Click on the "Auth Backends" tab.
You will be able to manage your external authentication services here via a configuration wizard.
Step 3: By default, external users the "Default" group, which you can find in the "Groups" tab of the "Users & Groups" page. The "Default" group has somewhat restricted access to the Unryo Platform.
To give your LDAP users different permissions, create a new group with your desired permissions. To make your LDAP users be a part of the new group, you will have to add either:
- user-members that match your LDAP users or:
- group-members that match one of the LDAP groups your LDAP user belongs to.
Let us illustrate with an example. By default,
userNameField in the "User
Search" step and
groupNameField in the "Group Search" step of the LDAP
configuration wizard are set to
Suppose you have an LDAP user whose
sAMAccountName is "Geraldo" and that he
is a member of a group whose
cn is "LDAPUnryoAdmins".
You can grant Geraldo admin privileges on your Unryo Platform by creating a new Unryo group with a user-member called "Geraldo". User-members are in fact regular expressions, so "Ge." and ".aldo" would also make Geraldo a part of the group.
You can also grant all members of "LDAPUnryoAdmins" admin privileges by adding a group-member called "LDAPUnryoAdmins" to an Unryo group with admin privileges. Like user-members, groups-members are regular expressions, so ".Unryo." would also work.