Enabling role-based access for LDAP

Sigma can be enabled for users defined in the Lightweight Directory Access Protocol (LDAP) system.

Perform the following steps to enable role-based access to Sigma for users in LDAP:

  1. Create a TEST_LDAP table in the target schema with the following columns:

    USER_NO, PRODUCT, SUBPROD, FUNCTION. The USER_NO column must contain the unique ID given for each user in LDAP.

  2. In Canvas Studio, create a SQL query data source to access the entitlements, e.g. LDAP_ENTITLEMENT_DS (refer to Create a DB Data Source). The following query fetches the data from the TEST_LDAP table:
    SELECT USER_NO, PRODUCT, SUBPROD, TEST_LDAP.FUNCTION FROM TEST_LDAP
    The entitlements are now taken from the data source. You can pass the role as a filter in the data source.

  3. Open the securityconfig.properties file in the Sigma application WAR file.
    For example: …\apache-tomcat-10.0.27\webapps\sigma.war\WEB-INF\lib\SigmaResources.jar\.

    1. Enable the data source in DS_BASED_ENTITLEMENT.
      DS_BASED_ENTITLEMENT = Y

    2. Specify the data source ID in ENTITLEMENT_DS.
      ENTITLEMENT_DS = LDAP_ENTITLEMENT_DS

  4. Open the implclassconfig.properties file in the Sigma application WAR file.
    For example: …\apache-tomcat-10.0.27\webapps\sigma.war\WEB-INF\lib\SigmaResources.jar\.

    1. Enable the entitlement by setting VIEW_ENTITLEMENT_CLASS to LDAPViewEntitlement.

  5. Restart the server to apply the changes made in the properties files.

  6. In Canvas Studio, create the product, subproduct and function that you want to use in the Role mapping. Refer to Creating Entitlements.
    For example:

    Create the product, subproduct and function in the role mapping screen, e.g. ABC1, ABC2 and ABC3. Map these entitlements to an app and map this app to a workspace. The users mapped to this entitlement in the table can now see the configured app.

  7. After the entitlement is created, map it to the reports.
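
The table from step 1 and the data source query from step 2, written out as an added example that is not part of the original documentation. The column types, the primary key, the sample user IDs and the two review queries are assumptions; the page specifies only the column names and the data source query.

```sql
-- Added example. Column types and sizes are assumptions; the page gives only the column names.
-- FUNCTION is a keyword in several SQL dialects; quote the column name if your database
-- rejects it unquoted.
CREATE TABLE TEST_LDAP (
    USER_NO  VARCHAR(64) NOT NULL,  -- unique ID of the user in LDAP
    PRODUCT  VARCHAR(64) NOT NULL,
    SUBPROD  VARCHAR(64) NOT NULL,
    FUNCTION VARCHAR(64) NOT NULL,
    -- Assumed constraint: one row per grant, so a duplicate insert fails
    -- instead of hiding in the table.
    CONSTRAINT PK_TEST_LDAP PRIMARY KEY (USER_NO, PRODUCT, SUBPROD, FUNCTION)
);

-- Constructed sample rows: two LDAP users granted the ABC1/ABC2/ABC3
-- entitlement used as the example in step 6.
INSERT INTO TEST_LDAP (USER_NO, PRODUCT, SUBPROD, FUNCTION)
VALUES ('u1001', 'ABC1', 'ABC2', 'ABC3');
INSERT INTO TEST_LDAP (USER_NO, PRODUCT, SUBPROD, FUNCTION)
VALUES ('u1002', 'ABC1', 'ABC2', 'ABC3');

-- Query used by the LDAP_ENTITLEMENT_DS data source (step 2).
SELECT USER_NO, PRODUCT, SUBPROD, TEST_LDAP.FUNCTION FROM TEST_LDAP;

-- Access review: which users hold a given entitlement.
SELECT USER_NO
FROM TEST_LDAP
WHERE PRODUCT = 'ABC1'
  AND SUBPROD = 'ABC2'
  AND TEST_LDAP.FUNCTION = 'ABC3'
ORDER BY USER_NO;

-- Access review: number of grants per user, to spot accounts that
-- have accumulated more entitlements than expected.
SELECT USER_NO, COUNT(*) AS GRANT_COUNT
FROM TEST_LDAP
GROUP BY USER_NO
ORDER BY GRANT_COUNT DESC, USER_NO;
```

Because this table is the source of every entitlement decision once DS_BASED_ENTITLEMENT is set to Y, restrict write access to it to the accounts that administer entitlements.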
