The following configuration items set up authentication and permissioning information for Liberator’s openauth auth module.
Openauth is the simplest Auth Module possible; it allows any username to log on to Liberator with any password. It can also specify through configuration what level of access all users have to any object in the system.
|You should only use openauth for Liberator installations where you’re sure that it’s safe for users to access the Liberator without being authenticated first; for example, in development environments.|
For background information, see the Liberator Features and Concepts page about User authentication and permissioning.
The openauth.conf configuration file
The configuration for openauth is kept in a separate Liberator configuration file called
openauth.conf. If you’re not using the Caplin Deployment Framework, you should put the openauth configuration items you require into this file. When no configuration is set, the default permissions for all users are: read access to all objects, no write access to any objects, and no permission to create any objects.
The OpenPermissioning blade
If you deploy Liberator using the Deployment Framework, the OpenPermissioning Config blade is automatically activated. This blade sets the Liberator’s auth module to openauth and configures openauth to give every user read, write and create permission for all objects. The configuration’s defined in the file
<Framework-root> represents the file path of the Deployment Framework’s topmost directory for the Platform installation).
If you want to change the access permissions (typically to deny write access whilst retaining read access), edit the above file. Don’t edit the
read-access specifes every Liberator user’s read access to objects.
1 (Every user can read all objects.)
0No user can read any objects.
1Every user can read all objects.
write-access specifies every Liberator user’s permission to write to, or create, any object.
0 (No user can write to, or create, any object.)
0No user can write to, or create, any object.
1Every user can write to, or create, any object.