This project has moved. For the latest updates, please go here.
As of version 2.0.131, the permissions for commands has changed. To see the original list, see version 3 of this page.

Remote Console Security

As of version 1.5.190 of the openPDC, remote console security has been enabled by default. These security features will be available in the final release of v1.5 SP1. This page details the changes that have been made to the security features in this version of the openPDC.

Config file settings

The following settings were modified to enable security. These are the new defaults, but if you are upgrading from a previous version, they will not override your security settings. Apply these changes manually to enable the new security features.
  • In openPDC.exe.config:
    • The value of categorizedSettings/serviceHelper/SecureRemoteInteractions has been set to True.
    • The value of categorizedSettings/remotingServer/IntegratedSecurity has been set to True.
    • The categorizedSettings/securityProvider section has been copied from openPDCManager.exe.config with the following changes.
      • The value of ApplicationName has been set to openPDC.
      • The value of IncludedResources has been set to UpdateSettings,UpdateConfigFile=Special; Settings,Schedules,Help,Status,Version,Time,Health,List,Invoke,ListCommands,ListReports,GetReport=*; Processes,Start,ReloadCryptoCache,ReloadSettings,Reschedule,Unschedule,SaveSchedules,LoadSchedules,ResetHealthMonitor,Connect,Disconnect,Initialize,ReloadConfig,Authenticate,RefreshRoutes,TemporalSupport,LogEvent,GenerateReport,ReportingConfig=Administrator,Editor; *=Administrator. (More on this below.)
  • In openPDCConsole.exe.config:
    • The value of categorizedSettings/remotingClient/IntegratedSecurity has been set to True.

Database settings

Database scripts have been updated to allow the openPDC Manager to properly connect to the service as well. Again, if you are upgrading from a previous version, apply this change manually.
  • In the Node table of the database (Manage > Nodes in the openPDC Manager):
    • In the Settings field, RemoteStatusServerConnectionString={server=localhost:8500} has been changed to RemoteStatusServerConnectionString={server=localhost:8500;integratedSecurity=true} .

Console permissions

In much the same way that the Manager handles permissions based on roles defined in the database, now the openPDC does as well. Certain commands are restricted such that editors or viewers will not be able to enter them into the console. This is handled by the IncludedResources setting in openPDC.exe.config (mentioned above). The following gives a breakdown of all possible commands in the system and the permissions associated with them.

ADMINISTRATOR, EDITOR, VIEWER
-----------------------------
Settings
Schedules
Help
Status
Version
Time
Health
List
Invoke
ListCommands
ListReports
GetReport

ADMINISTRATOR, EDITOR
---------------------
Processes
Start
ReloadCrytpoCache
ReloadSettings
Reschedule
Unschedule
SaveSchedules
LoadSchedules
ResetHealthMonitor
Connect
Disconnect
Initialize
ReloadConfig
Authenticate
RefreshRoutes
TemporalSupport
LogEvent
GenerateReport
ReportingConfig

ADMINISTRATOR
-------------
Clients
History
Abort
Restart


The IncludedResources setting can be used to modify these permissions. It is defined as a semicolon-separated list of permissions. Each permission record in the semicolon-separated list consists of two comma-separated lists, one on each side of an equals sign. The list on the left-hand side of the equals sign defines the list of commands. The list on the right-hand side of the equals sign defines the roles which are allowed to use those commands. An asterisk can be placed on either side of the equals sign to indicate "all commands" or "all roles". The breakdown below should help in understanding it.

UpdateSettings,UpdateConfigFile=Special;
The UpdateSettings and UpdateConfigFile commands are not available to any roles.
Settings,Schedules,Help,Status,Version,Time,Health,List,Invoke,ListCommands,ListReports,GetReport=*;
The Settings, Schedules, Help, Status, Version, Time, Health, and List commands are available to all roles (Administrator, Editor, Viewer).
Processes,Start,ReloadCryptoCache,ReloadSettings,Reschedule,Unschedule,SaveSchedules,LoadSchedules,ResetHealthMonitor,Connect,Disconnect,Initialize,ReloadConfig,Authenticate,RefreshRoutes,TemporalSupport,LogEvent,GenerateReport,ReportingConfig=Administrator,Editor;
The long list of commands on the left are available only to Administrators and Editors.
*=Administrator
All commands are available to Administrators.

Also note that the semicolon-separated list is traversed only until a rule is matched, and that one rule will be used to determine whether a role has permission to use that command. For instance, the following ruleset would actually restrict the List command so that Administrators and Editors would not be able to use it.

List=Viewer; *=Administrator,Editor
Likewise, the following ruleset would restrict the system so that only Administrators could use commands.

*=Administrator; List=Editor,Viewer

Last edited Mar 27, 2014 at 7:21 PM by staphen, version 4

Comments

No comments yet.