Permissions

October 8, 2024

By default, both root and users with the system-administrator role have access to all of the provisioning API commands.

A dedicated permissions called provisioningAccess provides access to all provisioning API commands.

In earlier versions of Jahia (below 8.2.0.0), the provisioning API is attached to the systemTools permission instead of provisioningAccess.

Customize Permissions

Starting with Jahia 8.2.0.0, access to provisioning APIs operations can be fine-tuned via security filter permissions.

You can fine-tune permissions individually for provisioning commands via Jahia security-filter, please refer to its documentation to learn more about its usage.

Available grants

The following grants can be used with the security-filter.

Operation Grant
addFeatureRepository provisioning.addFeature
addMavenRepository provisioning.addMavenRepository
if provisioning.conditional
createSite provisioning.createSite
deleteSite provisioning.deleteSite
editConfiguration provisioning.editConfiguration
installConfiguration provisioning.editConfiguration
enable provisioning.enable
executeScript provisioning.executeScript
importSite provisioning.importSite
import provisioning.import
include provisioning.include
installBundle provisioning.installBundle
installAndStartBundle provisioning.installBundle
installAndStartBundle provisioning.installBundle
installFeature provisioning.installFeature
uninstallFeature provisioning.installFeature
karafCommand provisioning.karafCommand
sleep provisioning.sleep
startBundle provisioning.startBundle
stopBundle provisioning.stopBundle
uninstallBundle provisioning.uninstallBundle

Example

The following security-filter configuration file creates a custom permission called customPermission, allowing users attached to the permission to perform only the installBundle and startBundle operations.


my_scope:
  description: My custom rule
  metadata:
    visible: true
  auto_apply:
    - always: true
  constraints:
    - user_permission: customPermission
      path: /
  grants:
    - api: provisioning.installBundle
    - api: provisioning.startBundle