MooD 17 brings with it a new mechanism to help control access to features within the Business Architect Toolkit, which is primarily as a security mechanism to mitigate known and emerging threats. Whilst the MooD team plan to use it to control features for our SaaS offerings, it is also potentially useful to a number of our customers to be aware of it.
Examples of what you can achieve
- Make Repository Manager a simple interface without the options to manipulate repositories.
- Prevent users from modifying custom SQL.
- Completely disable certain Synchronizer types to simplify your users' interface.
- Automatically deny access to new Synchronizers as new builds emerge.
- Force Web Browsers spawned by Business Architect, Repository Manager, Integrator and Validator. to use a specific browser in a limited functionality Kiosk mode.
- Prevent access to deployment packs and integrator.
- Prevent users from installing new Custom Visualizations.
How is this achieved?
Currently the configuration is aimed at a technical user and involves copying, renaming and editing the licence.template.xml file in the install. (See the file for more details).
This file allows you to specify
- If lockdowns are active.
- The level of informational logging to the event log.
- If Web browsers spawned should be locked down.
- Which windows active directory groups (or users) are exempt from all lockdowns.
- Which windows active directory groups (or users) are exempt some lockdowns.
This is an exemption based approach (whitelisting) so that if a new feature is introduced in a new build it will be automatically locked down.
- Changes to the lockdowns file are automatically detected by running applications, so administrators in shared environments can roll out updates to the file and instantly lock down features while users are still running Business Architect.
- Changes to the file and issues with the XML format are logged extensively in the event log (depending on configuration).
- If an error is made in the XML file configuration, MooD reloads the last-known-good lockdown
This the first iteration of this feature, so we welcome any feedback.