The UserRoleAuthorizer provider grants logical roles to specific users when their roles cannot be retrieved from the back end by the configured authentication provider. You cannot manually configure this provider.

This provider is part of all security configurations that are created or updated in Management Cockpit. UserRoleAuthorizer simply implements the checkRole method to compare the current user name to the physical role name that is passed in.

UserRoleAuthorizer allows role checks for the role user:<userName> to succeed. For example, if this authorization provider is enabled, an administrator can grant the Notification User role to user:jsmith. A user who is authenticated as jsmith:
  • Is granted the physical role user:jsmith

  • Is granted the logical role Notification User

  • Can perform Notification Push

Note: UserRoleAuthorizer also lets you map the DN from a client certificate to a role. If a user is authenticated using the X.509 User Certificate provider, a role check for "user:"+<subjectDN from the certificate used to authenticate the user> can succeed.
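The following is an added example, not SAP's code: a simplified Python model of the user:<userName> role check and the logical role mapping described above, with a helper for reviewing which users or certificate DNs hold a role directly. The function names, the mapping data, and the exact, case-sensitive comparison are assumptions; the page does not say how names are compared.

```python
# Simplified model of the behaviour the page describes; not SAP's implementation.
USER_ROLE_PREFIX = "user:"

# Constructed logical-to-physical role mapping (sample data).
ROLE_MAPPING = {
    "Notification User": ["user:jsmith", "user:CN=push-client,O=Example,C=US"],
    "Administrator": ["backend-admins"],  # constructed back-end role name
}


def check_role(authenticated_name: str, physical_role: str) -> bool:
    """Succeed only when physical_role is user:<authenticated name>.

    Assumption: exact, case-sensitive string comparison.
    """
    if not authenticated_name:
        return False  # an empty name must never match a bare "user:" role
    if not physical_role.startswith(USER_ROLE_PREFIX):
        return False  # not a user: role, so this check does not grant it
    return physical_role[len(USER_ROLE_PREFIX):] == authenticated_name


def has_logical_role(authenticated_name: str, logical_role: str,
                     mapping: dict = ROLE_MAPPING) -> bool:
    """A logical role is granted if any mapped physical role passes check_role."""
    return any(check_role(authenticated_name, role)
               for role in mapping.get(logical_role, []))


def per_user_grants(mapping: dict = ROLE_MAPPING) -> dict:
    """Review aid: list the user names or DNs granted each logical role directly."""
    grants = {}
    for logical_role, physical_roles in mapping.items():
        names = [r[len(USER_ROLE_PREFIX):] for r in physical_roles
                 if r.startswith(USER_ROLE_PREFIX)]
        if names:
            grants[logical_role] = names
    return grants


if __name__ == "__main__":
    print(has_logical_role("jsmith", "Notification User"))
    print(has_logical_role("CN=push-client,O=Example,C=US", "Notification User"))
    print(per_user_grants())
```

Running per_user_grants over an exported role mapping gives a quick inventory of per-user and per-certificate grants that exist outside the back-end role store.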