Role-Based Access Control

starting from version 1 5 0, for role based access control (rbac), the following functionalities have been added to the floating server two roles admin and user any individual accessing server functionality must be assigned either an admin or user role admin permissions add new users and admins add and remove licenses (online, offline, and air gapped) configure license and management api urls set shared and api keys user permissions (admins and non admin users) register as a floating user add consumptions access reports check server health borrow licenses change their own password this rbac model applies to both browser and api access start the server to start the server in authentication mode, use the following command /floating server userauthentication true api access for api access, users must first log in and obtain a jwt, which is then included in subsequent requests an example is shown below if a user attempts to register without logging in, they will receive an error prompting them to log in first curl x post "http //localhost 8080/api/v4/register" \\ h "accept application/json" \\ h "content type application/json" \\ d '{ "product" "test", "user" "user1", "os hostname" "", "ip local" "0 1 1 1", "user info" "", "registered at" "2024 08 26t12 21 59 776731 07 00", "borrowed until" "0001 01 01t00 00 00z" }' response {"message" "unauthorized please log in"} to log in, users send a request containing their username and password to the /auth endpoint an example is shown below curl u 'username' 'password' http //localhost 8080/auth h "accept application/json" response {"message" "login successful","token" "eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9 eyjyb2xlijoidxnlciisinvzzxjuyw1lijoidxnlcjeifq laskpwd z36wjodegknpvojnouqxyctkr9hxrlpbqww"} this endpoint returns a jwt, which the user must then include in subsequent requests after receiving the token, the user can resend the registration request using the jwt for authentication curl x post "http //localhost 8080/api/v4/register" \\ h "authorization bearer eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9 eyjyb2xlijoidxnlciisinvzzxjuyw1lijoidxnlcjeifq laskpwd z36wjodegknpvojnouqxyctkr9hxrlpbqww" \\ h "accept application/json" \\ h "content type application/json" \\ d '{ "product" "test", "user" "user1", "os hostname" "", "ip local" "0 1 1 1", "user info" "", "registered at" "2024 08 26t12 21 59 776731 07 00", "borrowed until" "0001 01 01t00 00 00z" }' t he registeration is successful browser t he login page in authentication mode login page the users management tab displays a list of all users and their assigned roles admin permissions admins can add new users or remove existing ones when adding a user, the admin assigns a temporary password, which the user must change upon their first login users and admins can change their own password form the change password tab if a non admin user attempts to perform actions restricted to admins, they will receive an error message, as shown below initialize users initializing the first admin user the first admin user can be set up during the server initialization by adding a password hash to the config/config yaml file in the following format generate the sha 256 hash of the admin's password enter this hash into the config file as shown below this will create an admin user with the username "admin," and the specified password will be registered in the server's database this admin can then add other users later example yaml format for admin setup password hash for website login (e g https //bcrypt generator com/) websitepassword $2y$10$lsimfx54hfopbceint3ppe4jw7wgxuyyrjsvldggx5rvv4m39atyg here’s an improved version of the text for your documentation initializing the first admin user the first admin user can be set up during the server initialization by adding a password hash to the config/config yaml file in the following format generate the sha 256 hash of the admin's password enter this hash into the config file as shown below this will create an admin user with the username "admin," and the specified password will be registered in the server's database this admin can then add other users later example yaml format for admin setup password hash for website login (e g , https //bcrypt generator com/) websitepassword $2y$10$lsimfx54hfopbceint3ppe4jw7wgxuyyrjsvldggx5rvv4m39atyg note on version 1 5 0 in version 1 5 0, user initialization in the config file allowed multiple users with any role to be specified however, this was restricted starting in version 1 5 1 and later versions in version 1 5 0, the configuration format for multiple users looked like this users user1 username user1 password pass1 role user user2 username user2 password pass2 role admin starting from version 1 5 1, user initialization is limited to a single admin user at the setup stage number of admins at least one admin is required when running the server in authentication mode if no admin is configured, the server will fail to launch, displaying an error message requesting you to provide the necessary configuration storage user information is stored in the database, and passwords are securely stored as hashed values