Configuring the server security connector

Metadata that is being aggregated from many different sources is likely to need comprehensive access controls.

Egeria provides fine-grained security control for metadata access. It is implemented in a server security connector that is called whenever requests are made to the server.

Security is configured for a specific OMAG Server by adding a connection for this connector to the server’s Configuration Document using the following command.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

The request body contains the connection used to create the server security connector.

{
    "class": "Connection",
    "connectorType": {
        "class": "ConnectorType",
        "connectorProviderClassName": "{fullyQualifiedJavaClassName}"
    }
}

For example, this is the connection that would set up the sample server security connector provided for the Coco Pharmaceuticals case study:

{
    "class": "Connection",
    "connectorType": {
        "class": "ConnectorType",
        "connectorProviderClassName": "org.odpi.openmetadata.metadatasecurity.samples.OpenMetadataServerSecurityProvider"
    }
}

Querying which connector is in use in an OMAG Server

It is possible to query the setting of the server security connector using the following command:

GET {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

If the response is:

{
    "class": "ConnectionResponse",
    "relatedHTTPCode": 200
}

then no connector is set up and no authorization checks are occurring.

If the response looks more like the JSON below, a connector is configured. The connectorProviderClassName tells you which connector is being used.

{
    "class": "ConnectionResponse",
    "relatedHTTPCode": 200,
    "connection": {
        "class": "Connection",
        "connectorType": {
            "class": "ConnectorType",
            "connectorProviderClassName": "{fullyQualifiedJavaClassName}"
        }
    }
}
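
The two response shapes above can be checked automatically, for instance to flag an OMAG Server that is running with no authorization checks. The following Python is an added example, not code from the Egeria project; the function names, the status labels and the optional expected_provider parameter are assumptions of this example, and the sample responses are constructed from the bodies shown above.

```python
import json
import urllib.request

# The sample connector class named on this page.
SAMPLE_PROVIDER = ("org.odpi.openmetadata.metadatasecurity.samples."
                   "OpenMetadataServerSecurityProvider")

def fetch_connection_response(server_url_root, admin_user_id, server_name):
    """GET the setting via the URL on this page (assumes no extra auth headers)."""
    url = (f"{server_url_root}/open-metadata/admin-services/users/"
           f"{admin_user_id}/servers/{server_name}/security/connection")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")

def audit_security_connection(body, expected_provider=None):
    """Classify a ConnectionResponse body as (status, provider).

    ERROR       - unparseable body, relatedHTTPCode != 200, or no class name
    UNPROTECTED - no connection present, so no authorization checks occur
    UNEXPECTED  - a connector is set but it is not expected_provider
    OK          - a connector is set (and matches expected_provider if given)
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ("ERROR", None)
    if not isinstance(doc, dict) or doc.get("relatedHTTPCode") != 200:
        return ("ERROR", None)
    connection = doc.get("connection")
    if connection is None:
        return ("UNPROTECTED", None)
    ctype = connection.get("connectorType") if isinstance(connection, dict) else None
    provider = ctype.get("connectorProviderClassName") if isinstance(ctype, dict) else None
    if not isinstance(provider, str) or not provider:
        return ("ERROR", None)
    if expected_provider is not None and provider != expected_provider:
        return ("UNEXPECTED", provider)
    return ("OK", provider)

# Constructed sample responses, shaped like the two bodies shown above.
NO_CONNECTOR = '{"class": "ConnectionResponse", "relatedHTTPCode": 200}'
WITH_CONNECTOR = json.dumps({
    "class": "ConnectionResponse", "relatedHTTPCode": 200,
    "connection": {"class": "Connection", "connectorType": {
        "class": "ConnectorType", "connectorProviderClassName": SAMPLE_PROVIDER}}})

if __name__ == "__main__":
    for name, body in (("no-connector", NO_CONNECTOR), ("sample", WITH_CONNECTOR)):
        print(name, audit_security_connection(body))
```

Passing expected_provider lets the same check catch a server that still uses the sample connector where a different one is intended.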

Removing the configured server security connector

It is possible to remove the configuration for the connector using the following command:

DELETE {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

This removes all authorization checking from the server.




License: CC BY 4.0, Copyright Contributors to the ODPi Egeria project.