Open Metadata and Governance
Home
Contribute
Tutorials
Samples
Release Notes
Open Metadata Types
Glossary
Site
Design
About

Configuring the server security connector

Metadata that is being aggregated from many different sources is likely to need comprehensive access controls.

Egeria provides fine-grained security control for metadata access. It is implemented in a server security connector that is called whenever requests are made for to the server.

Security is configured for a specific OMAG Server by adding a connection for this connector to the server’s Configuration Document using the following command.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

This passes in a connection used to create the server security connector in the request body.

{
    "class": "Connection",
    "connectorType": {
        "class": "ConnectorType",
        "connectorProviderClassName": "{fullyQualifiedJavaClassName}"
    }
}

For example, this is the connection that would set up the sample server security connector provided for the Coco Pharmaceuticals case study:

{
    "class": "Connection",
    "connectorType": {
        "class": "ConnectorType",
        "connectorProviderClassName": "org.odpi.openmetadata.metadatasecurity.samples.OpenMetadataServerSecurityProvider"
    }
}

Querying which connector is in use in an OMAG Server

It is possible to query the setting of the server security connector using the following command:

GET {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

If the response is:

{
    "class": "ConnectionResponse",
    "relatedHTTPCode": 200
}

then no connector is set up and no authorization checks are occurring.

If the response looks more like the JSON below, a connector is configured. The connectorProviderClassName tells you which connector is being used.

{
    "class": "ConnectionResponse",
    "relatedHTTPCode": 200,
    "connection": {
        "class": "Connection",
        "connectorType": {
            "class": "ConnectorType",
            "connectorProviderClassName": "{fullyQualifiedJavaClassName}"
        }
    }
}

Removing the configured configuration document store connector

It is possible to remove the configuration for the connector using the following command:

DELETE {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/security/connection

This removes all authorization checking from the server.

Return to Configuring the OMAG Server

License: CC BY 4.0, Copyright Contributors to the ODPi Egeria project.