Subjects
StackState Self-hosted v5.1.x
Link your existing authentication provider to StackState RBAC
StackState is configured by default with file based authentication with predefined roles for Guests (very limited permission level), Power Users and Administrators (full permission level). To change the configuration to use LDAP authentication, see authentication docs.
How to make a new user or group with scopes
To create a new subject (a group or a username), you must follow the stac CLI route below. When you create a subject, it has no permissions at first. All custom subjects need a scope by design, so they don't have access to the full topology. This is a security requirement that makes sure that users have access only to what they need.
Examples
Create the
stackstatesubject with a scope that allows the user to see all elements with theStackStatelabel:
sts rbac create-subject --subject stackstate --scope 'label = "StackState"'From StackState v5.0, the old sts CLI is called stac. The old CLI is now deprecated.
The new sts CLI replaces the stac CLI. It's advised to install the new sts CLI and upgrade any installed instance of the old sts CLI to stac. For details see:
stac subject save stackstate 'label = "StackState"'Give more context and specific limitations, create the subject
stackstateManagerwith the same scope of theStackStatelabel and additional access to Business Applications within that label:
sts rbac create-subject --subject stackstateManager --scope 'label = "StackState" AND type = "Business Applications"'From StackState v5.0, the old sts CLI is called stac. The old CLI is now deprecated.
The new sts CLI replaces the stac CLI. It's advised to install the new sts CLI and upgrade any installed instance of the old sts CLI to stac. For details see:
stac subject save stackstateManager 'label = "StackState" AND type = "Business Applications"'Last updated