Panel Name fwAccessControl/fwAccessControl_EditDomain.pnl
Introduction

Edit Domain panel

This panel is used to display and edit the details of the domain, and to create new domains.

The panel has three modes of operation, determined by the access rights and the dollar parameter $mode (see below):
Edit mode
presented in Figure 1, allow to edit the details of the domain. This mode is active if the user has the Domain Administration access rights, the mode of the panel specified by $mode is not "RO", and non-empty name of the domain was passed as the $domainName parameter.
Figure 1: Edit Domain panel in the "edit" mode
In the edit mode, the Reset, Holders..., OK and Closebuttons are available.
View mode
presented in Figure 2, only displays the details of the domain and does not allow for changes. This mode is active if the user has no Domain Administration access rights, or the read-only mode of the panel was requested by setting the $mode to "RO".
Figure 2: Edit Domain panel in the "view" mode
In the view mode, only Holders... and Closebuttons are available.
Create mode
presented in Figure 3, is used to create a new domain. This mode is active if the $domainName parameter passed to the panel contained an empty string.
Figure 3: Edit Domain panel in the "create" mode
In the create mode, the Reset, Create and Closebuttons are available.

The panel comprises the following elements:

  • Domain name text line defines the domain name, which identifies the domain in a unique way. Note that the Name_Domain restriction apply (see the Restrictions below) for domain names.
  • Domain full name text line defines the full name of the domain; it is free of restrictions concerning the characters used within (i.e. it may contain spaces).
    Note that the full name is displayed in the Domain List panel, and the filter therein applies to the domain name and the domain full name. It is recommended (yet not required) to define non-empty and unique domain full name.
  • Description text line contains any additional information - it's meaning is not defined; it may be left empty.
  • id text line (not editable) displays the internal unique identifier of the domain. It is assigned automatically and may not be modified. This field is empty in the create mode of the panel. This idenifier may be of use for the experts and for debugging purposes.
  • Privileges table: displays the names of the privileges in the domain. If the panel is open in the edit or create mode, privileges' names may be edited directly in the table. The numbers left to the names - privilege levels - are the internal identifiers of the privileges; they may be of use for experts or debugging; they may not be changed.
  • Reset button: undoes the changes done in the panel, i.e. in the edit mode resets the contents of all editable fields so that they represent the current settings, while in the create mode it clears the text fields and sets default privilege names in the table. Pressing this button does not apply any settings; it does not close the panel either.
  • Holders... button: allows to display the users and groups having certain privileges: it brings up the Privilege Holders List panel, with the domain name preset to the currently edited (inspected) domain, and the privilege name preset to the name of the privilege selected currently in the Privileges table.
    Note that this button is disabled until you select a privilege in the Privileges table.
  • OK (in edit mode) or Create (in create mode): applies the changes, i.e. modifies or creates the domain, and closes the panel.
  • Close button: closes the panel without applying the changes.


Instructions
To create a domain:
Open the panel in the create mode (e.g. click the Add in the Domain List panel, which may be opened using the Administration>Domains context menu of the Toolbar panel).
Fill-in at least the domain name then press the Create button
To rename a domain:
Make sure the panel is open in the edit mode, for the domain you wish to rename; type in the modified name into the Domain name text field, then press the OK button to apply the changes. You may want to alter other settings of the domain at the same time, before pressing OK.
To change the names of privileges:
Make sure the panel is open in the edit mode; type in the new names of the privileges directly in the Privileges table, then press the OK button to apply the changes. You may want to alter other settings of the domain at the same time, before pressing OK.
To change the full name or description:
Make sure the panel is open in the edit mode; type in the new full name or description in the appropriate fields, then press the OK button to apply the changes. You may want to alter other settings of the domain at the same time, before pressing OK.
To find a user/group having certain access right:
Open the panel for the domain in which you want to look for access right, click on the privilege name in the Privileges table, then click on the Holders... button. This will bring up the Privilege Holders List panel; follow the instructions for that panel.
To delete a domain:
You need to use the Delete button in the Domain List panel; it is available, for instance, from the Administration>Domains context menu of the Toolbar panel.
To cancel the changes:
Press the Close button
Restrictions
  • Access_Domain: To edit an existing domain, or create a new domain one needs the Domain Administration (or System Administration) access rights (see also the Setup Panel ).
  • Name_Domain: Domain name must not contain the space ( ), colon (:), semicolon (;), pipe (|), backslash (\), asterisk (*), apostrophe (') and double-quotes (") characters. The slash (/) parameter is allowed and recommended as logical separator. Domain full name and description are, however, free of limitations.
    The domain name needs to be unique.
  • Name_Prvilege: Privilege name must only contain alpanumeric characters (letters, digits). It is recommended that privilege names are single words; if multiple words need to be used to describe the privilege, the InterCaps notation (joining the words while capitalizing the first letters) is recommended, even though space character ( ) is allowed in privilege names.
    Privilege names within the domain need to be unique (yet they does not need to be across the domains, e.g. there may be Control privilege in domains Domain1 and Domain2, resulting in unique access rights Domain1:Control and Domain2:Control respectively.
  • UNICOS_Domain: In the UNICOS mode of operation, it is not possible to change the full name and the description of the domain.
  • System_Domain: The name and full name of the system domain are not allowed. The changes in the system domain description will be discarded. The name of the system domain is always equal to the name of the local system. The id of the system domain is -1.
  • System_Privileges: The privileges in the system domain reflect the set of 32 PVSS system privileges. It is recommended not to change the names of the first five privileges. Privileges from 21 to 32 are reserved for the JCOP Framework Access Control - their names should not be changed and they may not be used for own purposes. Note that all users will always have privilege level 1 and privileges 21-28 granted.
  • Privilege_Numbers: Each non-system domain may have up to 8 privileges defined with id's in the range [21,28]). In the UNICOS mode, each domain has 4 privileges.

Dollar Parameters
Name Description  
$domainName Specifies the name of the domain to edit. Passing an empty string ("") will open the panel in the create mode. required
$mode If set to "RO", the panel will be opened in the view mode. optional

Return Values from panel
The panel should be opened using functions from the ChildPanel...Returns(... , df,ds) family.
When the panel is closed the following values may be returned in the df and ds parameters:
Variable Value(s) Description
dyn_float parameter (df[])
df[1] 1 Edit action terminated succesfully, OK button pressed
df[1] 0 Edit action cancelled, Close button pressed
dyn_string parameter (ds[])
ds[] not used: empty variable is always returned.

Back to the documentation of the fwAccessControl component.

Piotr Golonka, CERN IT/CO-BE