Role-Based Access
Note
Role-based access is supported in the standaloneMATLAB®Web App Server™产品,而不是包含的开发版本MATLAB Compiler™。有关详细信息,请参阅MATLAB Web App Server Differences。
Note
To use role-based access, you need to:
Enable SSL on the server. For more information, seeEnable SSL。
Enable authentication on the server. For more information, see验证。
在服务器上启用基于角色的访问权限,您可以决定哪些用户可以撰写应用程序,哪些用户可以使用它们。
MATLAB Web App Serversupports two roles for role-based access:Author和用户。
一个Authorcan add, delete, and run web apps fromMATLAB Web App Server。一个Authorsees a管理应用程序button on the server home page.
A用户can only run web apps from theMATLAB Web App Serverhome page. A用户sees aDiagnosticsbutton on the server home page.
You can use role-based access along with policy-based access to finely determine who can run apps on the server and who can modify them. For details, seePolicy-Based Access。
启用基于角色的访问:
检查是否启用了SSL。有关更多信息,请参阅Enable SSL。
Check if authentication is enabled. For more information, see验证。
Create a file named
webapps_app_roles.json和place it in thewebapps_privatefolder.The
webapps_privatefolder can be found in:Operating System 文件夹位置 视窗®
%ProgramData%\MathWorks\webapps\R2021a\config\webapps_privateLinux®
/local/Mathworks/webApps/R2021a/config/webapps_private苹果系统
/库/应用程序支持/Mathworks/W金宝appebApps/R2021a/config/webapps_privateThe JSON schema for
webapps_app_roles.jsonis:{“版本”:“ 1.0.0”,“ Acceptoles”:[{“ id”:“ user”,“ description”:<文本描述用户角色>,“用户”:{}的用户“组”:{<属性名称和值,以识别分配给用户角色>}}的组,{“ id”:“ rution”,“ description”:<文本描述作者角色>,“用户”:{<属性名称和值,以识别分配给作者角色>}的最终用户,“ groups”:{<属性名称和值以识别分配给作者角色>}}的组的组}} version: Specify the version of the JSON schema. The default value forR2021ais:
1.0.0。id:指定角色名称。您可以指定
用户或者Author。Only these two roles are supported.description: Specify a description for each role. For example:
“描述”:“作者可以上传,删除和执行Web应用程序。”users: Specify an attribute that uniquely identifies the set of authenticated end users who can assume the role of anAuthor或者a用户。
The attribute names depend on the type of authentication you are using.
For example, if you are using LDAP for authentication, you can fill in the JSON schema as follows:
In the above schema, once an end-user is authenticated,MATLAB Web App Serverchecks if the authenticated user has"users":{ "email": ["bishop@myboston.com", "queen@myboston.com"] }emailas an attribute, and checks to see if the attribute value (email address in this case) is listed in the schema. When both checks succeed, the end-user will be assigned a role.小组: Specify an attribute name and corresponding values that uniquely identify the group of authenticated end users who can assume the role of anAuthor或者a用户。
The attribute names depend on the type of authentication you are using. Using小组lets you assign entire sets of end-users a role at once.
For example, if you are using LDAP for authentication, you can fill in the JSON schema as follows:
In the above schema, once an end-user is authenticated,MATLAB Web App Serverchecks if the authenticated user has“组”:{“成员”:[“ CN =营销,OU = Mail,DC = LDAP,DC = MyBoston,DC = COM”,“ CN = Development,OU = Mail,DC = LDAP,DC = MyBoston,DC,DC= com”]]}memberOf作为属性,并检查属性的值是否在模式中列出。当两者都成功时,最终用户将被分配一个角色。Attributes specified in the schema need to be collective or group attributes.
Tip
您不需要两者指定
users和小组in the schema for each role unless that is the only way to obtain a unique set of end users.If you use an attribute in the
usersfield in the用户role to identify a set of users, you need use the same attribute in theusersfield in theAuthorrole to identify a set of users. The same condition applies to小组as well.
MATLAB Web App Serverfirst checks if an authenticated user can assume the role of anAuthorbefore checking the用户role. If checks against both roles fails, the end-user is denied access to the server.
Examplewebapps_app_roles.json申请LDAP身份验证
{“版本”:“ 1.0.0”,“ Acceptoles”:[{“ ID”:“用户”,“描述”:“用户只能执行Web应用程序。”,“组”:{“ memberof”:[[“ CN =营销,OU = Mail,DC = LDAP,DC = MyBoston,dc = com”,“ CN =开发,OU = Mail,DC = LDAP,DC = MyBoston,dc = com”]}}},{“:“作者”,“描述”:“作者可以上传,删除和执行Web应用程序。”,“用户”:{“电子邮件”:[“ bishop@myboston.com”,“ queen@myboston.com”]}}]}}Examplewebapps_app_roles.json文件天蓝色AD Authentication
{ "version": "1.0.0", "appRoles": [ { "id": "User", "description": "A User can only execute web apps.", "groups": { "groups": [ "1a23456-ab2c-4444-a123-12345b3a81af", "2b3456cd-e8ed-4fcf-ac55-6b79b0781eed " ] } }, { "id": "Author", "description": "An Author can upload, delete, and execute web apps.", "users": { "upn": [ "bishop@myboston.com", "queen@myboston.com" ] } } ] }Caution
JSON模式语法webapps_app_roles.jsonis strictly enforced. Errors in the schema syntax may result in the server not starting, or you being denied access to the server when you try to log in.
相关话题
选择一个网站
Choose a web site to get translated content where available and see local events and offers. Based on your location, we recommend that you select:。
Selectweb site您还可以从以下列表中选择一个网站:
Americas
- AméricaLatina(Español)
- Canada(English)
- United States(English)
欧洲
- Belgium(English)
- 丹麦(English)
- Deutschland(德意志)
- España(Español)
- Finland(English)
- 法国(Français)
- 爱尔兰(English)
- 意大利(Italiano)
- Luxembourg(English)
- Netherlands(English)
- 挪威(English)
- Österreich(德意志)
- Portugal(English)
- Sweden(English)
- 瑞士
- 英国(English)
