Using DevTest Resource Groups with LDAP/LDAPs
Article ID: 103164
Updated On:
Products
CA Application Test
Service Virtualization
CA Continuous Application Insight (PathFinder)
Issue/Introduction
Resource groups are one or more DevTest Servers or VSEs. Define resource groups to determine the resources that a user or a project can access.
When using ACL, associate roles with resource groups to determine which roles can act on which resources.
When using ACL, associate roles with resource groups to determine which roles can act on which resources.
Environment
Release:
Component: ITKOTF
Component: ITKOTF
Resolution
The Super User role should not be assigned to any Resource Groups, since it needs access to all resources.
You should only create Resource Groups for those users that need the limited access.
This example of for use with 3 VSEs with the role of SV Power.
Create 3 new roles, make a copy of SV Power:
SV Power1
SV Power2
SV Power3
The Users that need access to only VSE1, give them only SV Power1 role.
The Users that need access to only VSE2, give them only SV Power2 role.
The Users that need access to only VSE3, give them only SV Power3 role.
Create 3 Resource Groups:
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.
Assign SV Power1 role to Resource Group VSE1.
Assign SV Power2 role to Resource Group VSE2.
Assign SV Power3 role to Resource Group VSE3.
In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory and make sure they are removed from the GroupDN that has access to all VSEs.
Add the new roles to the ldap-mappings.xml file.
Example, the new roles are added at the end:
<mapping role="Super User">
<groupDN>cn=superadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="DevTest Administrator">
<groupDN>cn=devadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Administrator">
<groupDN>cn=testadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="System Administration">
<groupDN>cn=sysadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="PF Power">
<groupDN>cn=pfadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power">
<groupDN>cn=svadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Power">
<groupDN>cn=tpadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Runtime">
<groupDN>cn=rtadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Runner">
<groupDN>cn=tradmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Observer">
<groupDN>cn=toadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Load Tester">
<groupDN>cn=ltadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="User">
<groupDN>cn=users,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Guest">
<groupDN>cn=guests,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power1">
<groupDN>cn=sv1admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power2">
<groupDN>cn=sv2admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power3">
<groupDN>cn=sv3admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.
You should only create Resource Groups for those users that need the limited access.
This example of for use with 3 VSEs with the role of SV Power.
Create 3 new roles, make a copy of SV Power:
SV Power1
SV Power2
SV Power3
The Users that need access to only VSE1, give them only SV Power1 role.
The Users that need access to only VSE2, give them only SV Power2 role.
The Users that need access to only VSE3, give them only SV Power3 role.
Create 3 Resource Groups:
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.
Assign SV Power1 role to Resource Group VSE1.
Assign SV Power2 role to Resource Group VSE2.
Assign SV Power3 role to Resource Group VSE3.
In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory and make sure they are removed from the GroupDN that has access to all VSEs.
Add the new roles to the ldap-mappings.xml file.
Example, the new roles are added at the end:
<mapping role="Super User">
<groupDN>cn=superadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="DevTest Administrator">
<groupDN>cn=devadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Administrator">
<groupDN>cn=testadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="System Administration">
<groupDN>cn=sysadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="PF Power">
<groupDN>cn=pfadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power">
<groupDN>cn=svadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Power">
<groupDN>cn=tpadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Runtime">
<groupDN>cn=rtadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Runner">
<groupDN>cn=tradmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Observer">
<groupDN>cn=toadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Load Tester">
<groupDN>cn=ltadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="User">
<groupDN>cn=users,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Guest">
<groupDN>cn=guests,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power1">
<groupDN>cn=sv1admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power2">
<groupDN>cn=sv2admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power3">
<groupDN>cn=sv3admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.
Feedback
Yes
No
Powered by
