Loading TOC...
Ops Director Guide (PDF)

Ops Director Guide — Chapter 8

Console Settings View

The Console Settings view allows you to configure role-based access control to resources, manage user accounts, manage licensing, and define telemetry settings.

This chapter covers the following topics:

License Information

Use the License Information page, under Console Settings/Security & Licensing, for a summary of managed hosts running under one or more MarkLogic license editions, with a breakdown of licensed cores, used cores, and the operating system platforms on which MarkLogic is running.

The displayed columns are described in the table below.

Column Description
License Edition The type of MarkLogic License. For details, see Pricing and Licensing on the MarkLogic website.
Licensed Cores The number of licensed cores. For more information, see Scalability Considerations in MarkLogic Server in Scalability, Availability, and Forest-Level Failover.
Used Cores The number of used cores. For more information, see Scalability Considerations in MarkLogic Server in Scalability, Availability, and Forest-Level Failover.
Platform The host operating system. See Supported Platforms in the Release Notes.

License Information By Host

Select a specific MarkLogic license edition to view details, broken down by host or by license edition, such as cluster name, group membership, processor architecture, and the number of CPUs, cores, and running threads.

The displayed columns are described in the table below.

Column Description
Host The list of licensed hosts in your enterprise.
Environment The MarkLogic environment. Typically, Development or Production.
Cluster The host cluster.
Group The host group.
Architecture The type of CPU hardware on which the host is running.
CPU The number of CPUs configured on the host hardware.
Cores The number of cores configured on the host hardware.
Threads The number of threads used by the host.
Licensed CPUs The number of licensed CPUs for the host.
Licensed Cores The number of licensed cores for the host.
Options Your licensed options. For details, see Displaying License Options in the Administrator's Guide and Pricing and Licensing on the MarkLogic website.
Expiration The license expiration date.
License Key The license key. For details, see Entering a License Key in the Installation Guide.
Licensee The name of the person or organization that holds the license.

License Information By License

Click on the By License tab to view the license information by license key.

The displayed columns are described in the table below.

Column Description
Licensee The name of the person or organization that holds the license.
Hosts The hosts in your enterprise.
Clusters The clusters in your enterprise.
Environment The MarkLogic environment. Typically, Development or Production.
Groups The groups in your enterprise.
Architecture The type(s) of CPU hardware used by your enterprise.
CPU The number of CPUs in your enterprise.
Cores The number of cores in your enterprise.
Threads The number of threads used by the enterprise.
Licensed CPUs The number of licensed CPUs for the enterprise.
Licensed Cores The number of licensed cores for the enterprise.
Options Your licensed options. For details, see Pricing and Licensing on the MarkLogic website.
Expiration The license expiration date.
License Key The license key. For details, see Entering a License Key in the Installation Guide.

Resource Groups

You may want to establish roles and privileges at a finer and more ad hoc granularity than is provided by the pre-defined MarkLogic roles. It is likely that roles defined within the enterprise are fairly coarse-grained and that changing roles (in an external LDAP server, for example), may be considered too 'heavy weight' for ad hoc groupings.

Resource Groups define sets of resources to which you can assign specific roles to customize user access to those resources.

The columns displayed are described in the table below.

Column Description
Group Name The name of the resource group.
Group type The type of resources in the group (Hosts, Databases, App Servers, Clusters).
Size The number of resources in the resource group.
Description The description of the resource group.
Action The action to take on the resource group (Edit or Delete).

Creating a Resource Group

Do the following to create a Resource Group.

  1. Click Create Group.
  2. In the pop-up window, enter a Group Name, select a Resource Type (Host, Database, Appserver, or Cluster), and a description for the resource group.

  3. Click Save. The new Resource Group is added to the list of Resource Groups.
  4. By default, no resources are included in the Resource Group. To include resources, click on the name of the newly created Resource Group.

  5. Scroll down to the Total Resources section and select the resource to be included in the Resource Group. This view will differ, for each type of Resource Group, as described in Resource Group Views.

    By default, you can view 10 resources per page. You can adjust how many resources to view in the Resource Group page by changing the number in the pull-down menu at the bottom of the page.

  6. When you have finished selecting resources for the Resource Group, click Assign at the bottom of the page.

Resource Group Views

Click on a resource group to display the assigned and unassigned resources, as well as assign and deassign resources. The contents of each type of resource group are described in the following sections:

Host Groups

The columns displayed for a host group are described in the table below. These settings are described in the Hosts chapter in the Administrator's Guide.

Column Description
Name The hostname of the host.
Cluster The name of the cluster on which the host resides.
Group The name of the group that contains the host.
OS The name and version of the operating system on which the host runs.
Server Version The version of MarkLogic Server running on the host.
Forests The number of forests configured for the host.
Databases The number of databases configured for the host.
App Servers The number of App Servers configured for the host.
Disk Space The amount of disk space (in MB) used on the host.
Uptime The duration (Days Hrs:Min) the host has been available.
Maint. Mode The host maintenance mode (normal or maintenance). For details, see Rolling Upgrades in the Administrator's Guide.
Zone The Amazon Web Services (AWS) zone in which the host resides, if applicable.

Database Groups

The columns displayed for a database group are described in the table below. These settings are described in the Databases chapter in the Administrator's Guide.

Column Description
Name The name of the database.
Cluster The name of the cluster on which the database resides.
Forests The number of forests configured for the database.
Disk Size (MB) The amount of disk space used by the database forests, in megabytes.
Documents The number of documents in the database.
Last Backup The data-time of the last backup of the database. No value, if the database has never been backed up. For details on backing up a database, see Backing Up and Restoring a Database in the Administrator's Guide.
Encryption Specifies whether or not encryption at rest should be enabled for the database. For details, see Encryption at Rest in the Security Guide.
HA Specifies whether or not shared disk failover is enabled. For details, see High Availability of Data Nodes With Failover in the Scalability, Availability, and Failover Guide.
Replication Specifies whether or not database replication is enabled (On/Off). For details, see the Database Replication Guide.
Security DB The name of the security database used by the database.
Schemas DB The name of the schema database used by the database.
Triggers DB The name of the triggers database used by the database.

Appserver Groups

The columns displayed for a App Server group are described in the table below. These settings are described in the HTTP Servers, ODBC Servers, XDBC Servers, and WebDAV Servers chapters in the Administrator's Guide.

Column Description
Name The name of the App Server.
Cluster The name of the cluster on which the App Server resides.
Type The App Server Type (HTTP, ODBC, XDBC, WebDAV).
Database The content database used by the App Server.
Port The App Server port number.
SSL Whether the App Server has SSL enabled (yes) or disabled (no). For details, see Configuring SSL on App Servers in the Security Guide.
Group The name of the group that contains the App Server.
Modules DB+Root The name of the modules database, or if filesystem, the root directory.
Security The type of security (internal or external).

Cluster Groups

The columns displayed for a cluster group are described in the table below. These settings are described in the Clusters chapter in the Administrator's Guide.

Column Description
Name The name of the cluster.
Groups The number of groups in the cluster.
Hosts The number of hosts in the cluster.
Databases The number of databases in the cluster.
Forests The number of forests in the cluster.
App Server The number of App Servers in the cluster.
Server Version The version of MarkLogic Server running on the cluster's hosts.
OS The name and version of the operating system on which the host runs.
Uptime The duration (Days Hrs:Min) the cluster has been available.
Encryption Specifies whether or not encryption at rest should be enabled for the database. For details, see Encryption at Rest in the Security Guide.

Role Based Access Control (RBAC) Settings

Use the Role Based Access Control (RBAC) settings to define new roles that assign sub-roles to Resource Groups to control which users have access to the resources defined by those Resource Groups (Resource Scope). The roles you create in this view will be accessible in the Admin Interface.

When assigning Resource Groups to a role, only the resources in those groups will be accessible to users assigned that role. For example, if you assign only a clusters Resource Group to a role, users with that role will only be able to access the clusters in that Resource Group and not the hosts, databases, and App Servers in those clusters. As a result, it is possible to construct security configurations with Resource Groups that are narrower than what is practical.

To see the cluster resources, you must explicitly create Resource Groups for all of resources in those clusters and assign them to a role. For example, a practical configuration would be to restrict access of a particular user to one cluster, which would imply access to that cluster's hosts, App Servers, and databases. This is accomplished by creating four Resource Groups: one for the cluster; one for all of the hosts in that cluster; one for all of the App Servers in that cluster, and one for all of the databases in that cluster. You would then grant the role assigned to the user access to all four Resource Groups.

If you don't have permission to see a resource, that resource will be displayed as blank or, if the resource type is presented as a count, it will be displayed as 0. Additionally, if you don't have permission to see a resource that is presented in chart form, you will see charts, but those charts will have no data (lines) for the prohibited resource.

Roles Tab

The Roles tab lists the available roles.The columns displayed for a Role are described in the table below.

Column Description
Role name The name of the Ops Director role.
Sub-Roles (optional) The MarkLogic roles to be assigned to this role. For details, see Role-Based Security Model in the Security Guide and Appendix C: Pre-defined Roles in the Administrator's Guide.

Do not assign opsdir-admin as a sub-role, as opsdir-admin has access to view all of the resources in Ops Director, which defeats the purpose of RBAC.

Resource Scopes (optional) The resource group(s) to which this role controls access.
Description (optional) The description of this role.

Resource Access Tab

The Resource Access tab lists the resource groups and their assigned roles. The columns displayed are described in the table below.

Column Description
Resource Scope The name of the resource group.
Roles The roles assigned to the resource group.

Creating a Resource Group and Assigning it to a Role

The following procedure creates a Resource Group that represents all of the hosts in the Managed Clusters and then restricts access to monitor those hosts to only users with the opsdir-user role.

  1. In Ops Director, select the Console Settings view.
  2. Select Resource Group in the left-hand menu.
  3. Click on Create Group.

  4. In the Create Group dialog, enter the Group Name, Description, and select Host from the Resource Type pull-down menu.

  5. After creating the group, select the group. In the Resource Groups / Hosts page, scroll down to the Total Resources section (which will likely be out of sight until you scroll down) and select which hosts in the cluster are to belong to this group.

  6. Click Assign to assign the selected resources to the group.

  7. The Resource Group lists the assigned resources.

  8. Select Roles under from under RBAC Settings.

  9. Click on Create Role.

  10. In the Create Role dialog, enter the Role Name (HostAccess, in this example) and Description. Select opsdir-user from the Sub Roles pull-down menu.

  11. Select Hosts from the Resource Scope pull-down menu. Click OK.

Console Settings Actions

Click on Actions to delete all of the selected roles or resource groups.

Click on the Action Icon next to a role or resource group to edit or delete that role or resource group.

« Previous chapter
Next chapter »