Permissions
By default, both root and users with the system-administrator role have access to all of the provisioning API commands.
A dedicated permissions called provisioningAccess provides access to all provisioning API commands.
systemTools permission instead of provisioningAccess.Customize Permissions
Starting with Jahia 8.2.0.0, access to provisioning APIs operations can be fine-tuned via security filter permissions.
You can fine-tune permissions individually for provisioning commands via Jahia security-filter, please refer to its documentation to learn more about its usage.
Available grants
The following grants can be used with the security-filter.
| Operation | Grant |
| addFeatureRepository | provisioning.addFeature |
| addMavenRepository | provisioning.addMavenRepository |
| if | provisioning.conditional |
| createSite | provisioning.createSite |
| deleteSite | provisioning.deleteSite |
| editConfiguration | provisioning.editConfiguration |
| installConfiguration | provisioning.editConfiguration |
| enable | provisioning.enable |
| executeScript | provisioning.executeScript |
| importSite | provisioning.importSite |
| import | provisioning.import |
| include | provisioning.include |
| installBundle | provisioning.installBundle |
| installAndStartBundle | provisioning.installBundle |
| installAndStartBundle | provisioning.installBundle |
| installFeature | provisioning.installFeature |
| uninstallFeature | provisioning.installFeature |
| karafCommand | provisioning.karafCommand |
| sleep | provisioning.sleep |
| startBundle | provisioning.startBundle |
| stopBundle | provisioning.stopBundle |
| uninstallBundle | provisioning.uninstallBundle |
Example
The following security-filter configuration file creates a custom permission called customPermission, allowing users attached to the permission to perform only the installBundle and startBundle operations.
my_scope:
description: My custom rule
metadata:
visible: true
auto_apply:
- always: true
constraints:
- user_permission: customPermission
path: /
grants:
- api: provisioning.installBundle
- api: provisioning.startBundle