Understanding Authentication, Users, and Roles in Metal Server
Overview of Authentication in Metal Server
Metal Server uses a robust authentication system to verify the identity of users and systems. The authentication process is handled through the server.authentication section of the config.yml file.
Configuring Authentication
To configure authentication in Metal Server, you need to add the following code to the server.authentication section of the config.yml file:
server:
authentication:
type: localThis code enables local authentication for the Metal Server.
It is possible to assign a default role to the authenticated user by adding the following code to the server.authentication section of the config.yml file:
server:
authentication:
type: local
default-role: guest # the role is already created in roles sectionUser Management
Users are the entities that interact with the Metal Server. Each user has a unique username and password, and can be assigned to one or more roles.
Creating Users
To create new users, you need to add the following code to the users section of the config.yml file:
Example
users:
myapiuser:
password: myStr@ngpa$$w0rd
guest:
password: guestpasswordThis code creates two new users, mypaiuser and guest, with the specified passwords.
Role-Based Access Control
Roles are used to determine what actions a user can perform and what data they can access. Each role has a unique name and a set of permissions that define what actions can be performed.
Creating Roles
To create a new role, you need to add the following code to the roles section of the config.yml file:
roles:
admin: ar # ar = admin, read
all-rights: crudla # crudla = create, read, update, delete, list, admin
guest: r # r = readThis code creates three new roles, admin, all-rights, and guest, with the specified permissions.
Permissions
| Permission | Description |
|---|---|
c | Create data |
r | Read data |
u | Update data |
d | Delete data |
a | Administrate server |
l | List schema entities |
Assigning Roles to Users
To assign a role to a user, you need to add the following code to the users section of the config.yml file:
users:
myapiuser:
password: myStr@ngpa$$w0rd
roles: [admin, all-rights] # Assign the 'admin' and 'all-rights' roles to myapiuser
guest:
password: guestpassword
roles: [guest] # Assign the 'guest' role to guestThis code assigns the admin role to the myapiuser user and the guest role to the guest user.
Final configuration
The final configuration will be:
server:
authentication:
type: local
default-role: guest
roles:
admin: ar
all-rights: crudla
guest: r
users:
myapiuser:
password: myStr@ngpa$$w0rd
roles: [admin, all-rights]
guest:
password: guestpassword
roles: [guest]Troubleshooting
- Authentication Errors: Check the
server.authenticationsection of theconfig.ymlfile for any errors or misconfigurations. - User Management Issues: Check the
userssection of theconfig.ymlfile for any errors or misconfigurations. - Role-Based Access Control Issues: Check the
rolessection of theconfig.ymlfile for any errors or misconfigurations.
Conclusion
In this technical guide, we have explored the concept of authentication, users, and roles in Metal Server. We have seen how to configure authentication, create new users and roles, and assign roles to users. By understanding these features, you can create a secure and controlled environment for your users to interact with your data.