Configurations Required to Support RWX

ModelOp Center supports two different modes:

Unsecured: OAuth 2.0 is disabled, meaning that no login is required in order to access the ModelOp services
Secured: OAuth 2.0 is enabled, including enforcing role-based access controls with read/write/execute (RWX) permissions

The focus of this document is on how to configure ModelOp Center in Secured mode with RWX.

To configure ModelOp Center for secured mode with RWX, set the following configuration property:

modelop:
  security:
    mode: rwx

The configuration property should be set in a Spring Cloud Config Server (SCCS) yaml shared between all services. For example, in application-base_secured.yaml.

Additionally, depending on the identity provider used, the corresponding identity provider section in application.yaml needs to be populated.

For a complete list of the ModelOp Center supported identity providers, please refer to the following document: Supported OAuth 2.0 Identity Providers.

Once configured and deployed, ModelOp Center will create a new table, _group_access_privilege, in the database to store the granted RWX permissions.

Please note:

Users will be automatically granted RWX permissions to the group(s) they belong to. However, those permissions will not be stored in the table because they are implied.
Admin user(s) cannot manage RWX permissions for groups unknown to ModelOp Center. A group becomes known once a user who belongs to that group has logged in to ModelOp Center for the first time.