Loading TOC...
Ops Director Guide (PDF)

Ops Director Guide — Chapter 8

Console Settings View

The Console Settings view allows you to configure role-based access control to resources, manage user accounts, manage licensing, and define telemetry settings.

This chapter covers the following topics:

License Information

Use the License Information page, under Console Settings/Security & Licensing, for a summary of managed hosts running under one or more MarkLogic license editions, with a breakdown of licensed cores, used cores, and the operating system platforms on which MarkLogic is running.

The displayed columns are described in the table below.

ColumnDescription
License EditionThe type of MarkLogic License. For details, see Pricing and Licensing on the MarkLogic website.
Licensed CoresThe number of licensed cores. For more information, see Scalability Considerations in MarkLogic Server in Scalability, Availability, and Forest-Level Failover.
Used CoresThe number of used cores. For more information, see Scalability Considerations in MarkLogic Server in Scalability, Availability, and Forest-Level Failover.
PlatformThe host operating system. See Supported Platforms in the Release Notes.

License Information By Host

Select a specific MarkLogic license edition to view details, broken down by host or by license edition, such as cluster name, group membership, processor architecture, and the number of CPUs, cores, and running threads.

The displayed columns are described in the table below.

ColumnDescription
HostThe list of licensed hosts in your enterprise.
EnvironmentThe MarkLogic environment. Typically, Development or Production.
ClusterThe host cluster.
GroupThe host group.
ArchitectureThe type of CPU hardware on which the host is running.
CPUThe number of CPUs configured on the host hardware.
CoresThe number of cores configured on the host hardware.
ThreadsThe number of threads used by the host.
Licensed CPUsThe number of licensed CPUs for the host.
Licensed CoresThe number of licensed cores for the host.
OptionsYour licensed options. For details, see Displaying License Options in the Administrator's Guide and Pricing and Licensing on the MarkLogic website.
ExpirationThe license expiration date.
License KeyThe license key. For details, see Entering a License Key in the Installation Guide.
LicenseeThe name of the person or organization that holds the license.

License Information By License

Click on the By License tab to view the license information by license key.

The displayed columns are described in the table below.

ColumnDescription
LicenseeThe name of the person or organization that holds the license.
HostsThe hosts in your enterprise.
ClustersThe clusters in your enterprise.
EnvironmentThe MarkLogic environment. Typically, Development or Production.
GroupsThe groups in your enterprise.
ArchitectureThe type(s) of CPU hardware used by your enterprise.
CPUThe number of CPUs in your enterprise.
CoresThe number of cores in your enterprise.
ThreadsThe number of threads used by the enterprise.
Licensed CPUsThe number of licensed CPUs for the enterprise.
Licensed CoresThe number of licensed cores for the enterprise.
OptionsYour licensed options. For details, see Pricing and Licensing on the MarkLogic website.
ExpirationThe license expiration date.
License KeyThe license key. For details, see Entering a License Key in the Installation Guide.

Resource Groups

You may want to establish roles and privileges at a finer and more ad hoc granularity than is provided by the pre-defined MarkLogic roles. It is likely that roles defined within the enterprise are fairly coarse-grained and that changing roles (in an external LDAP server, for example), may be considered too 'heavy weight' for ad hoc groupings.

Resource Groups define sets of resources to which you can assign specific roles to customize user access to those resources.

The columns displayed are described in the table below.

ColumnDescription
Group NameThe name of the resource group.
Group typeThe type of resources in the group (Hosts, Databases, App Servers, Clusters).
SizeThe number of resources in the resource group.
DescriptionThe description of the resource group.
ActionThe action to take on the resource group (Edit or Delete).

Creating a Resource Group

Do the following to create a Resource Group.

  1. Click Create Group.
  2. In the pop-up window, enter a Group Name, select a Resource Type (Host, Database, Appserver, or Cluster), and a description for the resource group.

  3. Click Save. The new Resource Group is added to the list of Resource Groups.
  4. By default, no resources are included in the Resource Group. To include resources, click on the name of the newly created Resource Group.

  5. Scroll down to the Total Resources section and select the resource to be included in the Resource Group. This view will differ, for each type of Resource Group, as described in Resource Group Views.

    By default, you can view 10 resources per page. You can adjust how many resources to view in the Resource Group page by changing the number in the pull-down menu at the bottom of the page.

  6. When you have finished selecting resources for the Resource Group, click Assign at the bottom of the page.

Resource Group Views

Click on a resource group to display the assigned and unassigned resources, as well as assign and deassign resources. The contents of each type of resource group are described in the following sections:

Host Groups

The columns displayed for a host group are described in the table below. These settings are described in the Hosts chapter in the Administrator's Guide.

ColumnDescription
NameThe hostname of the host.
ClusterThe name of the cluster on which the host resides.
GroupThe name of the group that contains the host.
OSThe name and version of the operating system on which the host runs.
Server VersionThe version of MarkLogic Server running on the host.
ForestsThe number of forests configured for the host.
DatabasesThe number of databases configured for the host.
App ServersThe number of App Servers configured for the host.
Disk SpaceThe amount of disk space (in MB) used on the host.
UptimeThe duration (Days Hrs:Min) the host has been available.
Maint. ModeThe host maintenance mode (normal or maintenance). For details, see Rolling Upgrades in the Administrator's Guide.
ZoneThe Amazon Web Services (AWS) zone in which the host resides, if applicable.

Database Groups

The columns displayed for a database group are described in the table below. These settings are described in the Databases chapter in the Administrator's Guide.

ColumnDescription
NameThe name of the database.
ClusterThe name of the cluster on which the database resides.
ForestsThe number of forests configured for the database.
Disk Size (MB)The amount of disk space used by the database forests, in megabytes.
DocumentsThe number of documents in the database.
Last BackupThe data-time of the last backup of the database. No value, if the database has never been backed up. For details on backing up a database, see Backing Up and Restoring a Database in the Administrator's Guide.
EncryptionSpecifies whether or not encryption at rest should be enabled for the database. For details, see Encryption at Rest in the Security Guide.
HASpecifies whether or not shared disk failover is enabled. For details, see High Availability of Data Nodes With Failover in the Scalability, Availability, and Failover Guide.
ReplicationSpecifies whether or not database replication is enabled (On/Off). For details, see the Database Replication Guide.
Security DBThe name of the security database used by the database.
Schemas DBThe name of the schema database used by the database.
Triggers DBThe name of the triggers database used by the database.

Appserver Groups

The columns displayed for a App Server group are described in the table below. These settings are described in the HTTP Servers, ODBC Servers, XDBC Servers, and WebDAV Servers chapters in the Administrator's Guide.

ColumnDescription
NameThe name of the App Server.
ClusterThe name of the cluster on which the App Server resides.
TypeThe App Server Type (HTTP, ODBC, XDBC, WebDAV).
DatabaseThe content database used by the App Server.
PortThe App Server port number.
SSLWhether the App Server has SSL enabled (yes) or disabled (no). For details, see Configuring SSL on App Servers in the Security Guide.
GroupThe name of the group that contains the App Server.
Modules DB+RootThe name of the modules database, or if filesystem, the root directory.
SecurityThe type of security (internal or external).

Cluster Groups

The columns displayed for a cluster group are described in the table below. These settings are described in the Clusters chapter in the Administrator's Guide.

ColumnDescription
NameThe name of the cluster.
GroupsThe number of groups in the cluster.
HostsThe number of hosts in the cluster.
DatabasesThe number of databases in the cluster.
ForestsThe number of forests in the cluster.
App ServerThe number of App Servers in the cluster.
Server VersionThe version of MarkLogic Server running on the cluster's hosts.
OSThe name and version of the operating system on which the host runs.
UptimeThe duration (Days Hrs:Min) the cluster has been available.
EncryptionSpecifies whether or not encryption at rest should be enabled for the database. For details, see Encryption at Rest in the Security Guide.

Role Based Access Control (RBAC) Settings

Use the Role Based Access Control (RBAC) settings to define new roles that assign sub-roles to Resource Groups to control which users have access to the resources defined by those Resource Groups (Resource Scope). The roles you create in this view will be accessible in the Admin Interface.

When assigning Resource Groups to a role, only the resources in those groups will be accessible to users assigned that role. For example, if you assign only a clusters Resource Group to a role, users with that role will only be able to access the clusters in that Resource Group and not the hosts, databases, and App Servers in those clusters. As a result, it is possible to construct security configurations with Resource Groups that are narrower than what is practical.

To see the cluster resources, you must explicitly create Resource Groups for all of resources in those clusters and assign them to a role. For example, a practical configuration would be to restrict access of a particular user to one cluster, which would imply access to that cluster's hosts, App Servers, and databases. This is accomplished by creating four Resource Groups: one for the cluster; one for all of the hosts in that cluster; one for all of the App Servers in that cluster, and one for all of the databases in that cluster. You would then grant the role assigned to the user access to all four Resource Groups.

If you don't have permission to see a resource, that resource will be displayed as blank or, if the resource type is presented as a count, it will be displayed as 0. Additionally, if you don't have permission to see a resource that is presented in chart form, you will see charts, but those charts will have no data (lines) for the prohibited resource.

Roles Tab

The Roles tab lists the available roles.The columns displayed for a Role are described in the table below.

ColumnDescription
Role nameThe name of the Ops Director role.
Sub-Roles (optional)The MarkLogic roles to be assigned to this role. For details, see Role-Based Security Model in the Security Guide and Appendix C: Pre-defined Roles in the Administrator's Guide.

Do not assign opsdir-admin as a sub-role, as opsdir-admin has access to view all of the resources in Ops Director, which defeats the purpose of RBAC.

Resource Scopes (optional)The resource group(s) to which this role controls access.
Description (optional)The description of this role.

Resource Access Tab

The Resource Access tab lists the resource groups and their assigned roles. The columns displayed are described in the table below.

ColumnDescription
Resource ScopeThe name of the resource group.
RolesThe roles assigned to the resource group.

Creating a Resource Group and Assigning it to a Role

The following procedure creates a Resource Group that represents all of the hosts in the Managed Clusters and then restricts access to monitor those hosts to only users with the opsdir-user role.

  1. In Ops Director, select the Console Settings view.
  2. Select Resource Group in the left-hand menu.
  3. Click on Create Group.

  4. In the Create Group dialog, enter the Group Name, Description, and select Host from the Resource Type pull-down menu.

  5. After creating the group, select the group. In the Resource Groups / Hosts page, scroll down to the Total Resources section (which will likely be out of sight until you scroll down) and select which hosts in the cluster are to belong to this group.

  6. Click Assign to assign the selected resources to the group.

  7. The Resource Group lists the assigned resources.

  8. Select Roles under from under RBAC Settings.

  9. Click on Create Role.

  10. In the Create Role dialog, enter the Role Name (HostAccess, in this example) and Description. Select opsdir-user from the Sub Roles pull-down menu.

  11. Select Hosts from the Resource Scope pull-down menu. Click OK.

Console Settings Actions

Click on Actions to delete all of the selected roles or resource groups.

Click on the Action Icon next to a role or resource group to edit or delete that role or resource group.

« Previous chapter
Next chapter »
Powered by MarkLogic Server 7.0-4.1 and rundmc | Terms of Use | Privacy Policy