Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


By default User Accounts are granted Permissions for all the Controller and Controller Clusters in a scheduling environment. Permissions that are only applicable to a particular Controller or Controller Cluster can be added in a role. This is done in the Manage Roles tab of the Identity Management Service for JOC.

Image Added

In the screenshot, the demo_role Role has been assigned for the controller with the ID controller2.2.0. and will appear in the list of the role as shown.
Image Added

In this configuration, the demo_role will not yet have any Permissions that are specific to the controller2.2.0. At least one Permission needs to be added before the controller2.2.0 - demo_role configuration will be permanently saved.

The interaction of default and controllers-specific Permissions within the same Role can be illustrated as follows.

  • default Permissions:
    • sos:products:controller:view
  • Master-specific Permissions:
    • sos:products:controller:agents:view

The dashboard view for all controllers in the environment will show the status of the current controller but the status of Agent Clusters will only be shown for the specified controller - in this case controller2.2.0


Folders are used to restrict User access to the objects such as workflows and Schedules. This means that, for example, Users can be restricted to accessing only objects for particular mandators / clients.

By default, Permissions are granted for all the folders. However, Roles can be restricted to accessing specific folders.

This is done by granting a Folder Permission, i.e. Permissions to view the content of a folder. When this is done, the Permissions to view all other folders are automatically revoked.

Granting Folder Permissions

Folder Permissions are granted in the Permissions View. Note that before Folder Permissions can be saved for a Role, the Role has to be specified for a User. In the example below, a test user and demo_role have already been configured and the demo folder created on the file system.

To open the Permissions view for a particular Role, first open the Identity Management Service for JOC view, switch to Manage Roles and select the Role that is to be granted Folder Permissions. To do this, click on the Role name in the Roles list.

Now click on the Add Folders button and in the Add Folders modal window, select the subfolder or the parent folder demo/ or /demo/*.
Image Added

Check the Recursive box in the Add Folders modal window if required and then click on Submit.

Any User that is allocated this demo_role will now only be able to see JobScheduler objects in the demo folder.

Note that the test user will only be able to log in to the JOC Cockpit if they have at least one Role granting them the following Permission:

  • sos:products:controller:view

Roles with Folder Permissions are often configured for Users in combination with default Roles.

Shiro Identity Service Settings