10. User Permission Configuration¶
From the Specification Compliance Manager (SCM) 2023 Q2 release, users must have user-level permissions to use some features. SCM includes an EXE tool that must be executed by the administrator after installation.
10.1 How to Configure¶
-
Update a configuration file with individual user or group level information.
Refer to 10.2 User configuration for information about the configuration file.
-
Run the EXE file in the following location:
%ProgramFiles%\National Instruments\Shared\SCM\UsersPermissionConfiguration\UsersPermissionConfiguration.exe.After the execution is complete, you can find the status message in the console.
- If the execution succeeds, you can find the following success message: Users permission configuration is successful
- If the execution fails, you can find the following failure message with the path of a log file that has detailed failure information: Users permission configuration failed
Note: Don't close the EXE console until the execution is complete.
10.2 User Configuration¶
- Copy the example configuration file
%ProgramData%\National Instruments\SCM\UsersPermissionConfiguration\ExampleConfiguration\UsersRoleMapping.jsonto%ProgramData%\National Instruments\SCM\UsersPermissionConfiguration\in the server machine. You must include user configuration in this file. -
Refer to the configuration file structure as follows and add a new object in the
roleMappingsarray for each type of user configuration that you want to configure.{ "roleMappings": [ { "type": "string", "key": "string", "value": "string" } ] } -
If the array contains an example object as follows, remove it after you read the information. The example object is added for your reference only.
{ "type": "provide the type of mapping for eg., windows-user, windows-group, ldap-group, ldap-attribute, ldap-user, oidc-claim", "key": "provide the claim key for eg., user, group, attribute, iss, email, etc", "value": "provide the required claim value here. Update these three fields with proper value before running the tool" }
10.2.1 Types of User Configurations¶
The type and key parameters accept only the specified set of values.
| Type | Key | Value |
|---|---|---|
| windows-user | user | the windows user name that will be used to login in SCM |
| windows-group | group | windows group name |
| ldap-user | user | the LDAP user name that will be used to login in SCM |
| ldap-group | group | LDAP group name |
| ldap-attribute | attribute name available for the LDAP | value of the LDAP attribute |
| oidc-claim | claim names available for the SSO provider | value of the individual claim |
Note
Values for type, key, and value parameters are case sensitive.
Refer to the following topics in SystemLink Operations Handbook for information about configuration and values of different LDAP and SSO types.
Use the following example user configurations as a reference:
{
"roleMappings": [
{
"type": "windows-group",
"key": "group",
"value": "Testers"
},
{
"type": "ldap-user",
"key": "user",
"value": "user@org.domain"
},
{
"type": "ldap-attribute",
"key": "distinguishedName",
"value": "CN=abc,CN=def,CN=org,CN=domain"
},
{
"type": "oidc-claim",
"key": "email",
"value": "user@org.domain"
},
{
"type": "oidc-claim",
"key": "iss",
"value": "https://<issuer_url>"
}
]
}
Note
The available claim keys and values for the configured Open ID connect (SSO) authentication can be obtained from the .provider file, located at
%ProgramFiles%\National Instruments\Shared\Web Server\conf\openidc.If the iss claim key is used for Open ID connect, permission will be provided for all the SSO users registered under the configured tenant.