Securing the Automation of Application Deployment with UrbanCode Deploy
© IBM Corporation 1
Securing the Automation of Application Deployment with UrbanCode Deploy
Presented by:
Joanne Scouler, WW Cloud Sales Enablement (@joscouler on Twitter)
Thomas Hudson, Information Architect
November 5, 2015
Security agenda
– Steps in setting up security
– Authorization
– Authentication
– Role configuration
– Guidance on configuring roles and permissions
– Security model
– Security model example
– Team configuration
– Approvals and notifications
– Statuses and gates
Security objectives
In this module you learn how to:
• Create authorization realms and user groups
• Manage users in authentication realms
• Create and define roles and permissions for security
• Create teams
• Set up notifications and approvals
• Set up statuses and gates
Guidelines for setting up security
1. Create an authorization realm.
Authorization realms handle user groups.
2. Create an authentication realm.
The authentication realm is used to determine a user's identity
within an authorization realm. (LDAP, AD, or SSO)
3. Create roles and define permissions for them.
For most situations, the default permission types should be
adequate.
4. Create or import users.
5. Create teams and assign users to them.
IBM UrbanCode Deploy security
Authorization realms
The Authorization Realms pane is used to create authorization realms and user
groups. Groups can be imported from external systems, such as LDAP.
Authentication realms
• Authentication realms determine user identity within authorization realms.
• Users can be created manually or imported from external systems.
Role configuration
–Roles provide permissions to users.
–A role is a set of permissions. Typically, the permissions in a
role define a particular activity that a user might do. IBM®
UrbanCode Deploy provides one role, the Administrator role,
which has all available permissions.
–Users are granted permissions by being assigned to roles.
When assigned to a role, a user is automatically granted all
permissions that are defined for the role. Typical activities
include changing or running an item, such as an application
process, or modifying security settings.
Role configuration
Guidance on configuring roles and permissions
When defining the roles for your organization, start by keeping the roles
simple, but sufficient to carry out the appropriate work.
Role: Configurator
• Resources (Create, Edit, View)
• Application (Create, Edit, Manage Snapshots, Run Comp Process, View)
• Environment (Create, Edit, Execute, View)
• Component (Create, Edit, Manage Versions, View)
• Component Template (Create, Edit, View)
Role: Release Engineer
• Resources (View)
• Application (View, Manage Snapshots, Run Component Applications)
• Environment (View and Execute)
• Component (View)
• Component Template (View)
Role: Approver
• Resources (View)
• Application (View)
• Environment (View and Execute)
• Component (View)
• Component Template (View)
Kinds of permissions
–Permissions generally fall into one of the following categories:
• The ability to view, modify, or work with a specific object
• The ability to create new objects
• The ability to see some element of the user interface
• The ability to manipulate the system or security as a whole, such as the ability to define users and groups
–Permissions are cumulative:
• One user may be assigned multiple roles on multiple teams. When considering a specific capability, such as the ability to edit a certain object, a user may have multiple relevant roles in relationship to that object. Permissions are cumulative: as long as there is one role that provides the given permission, the user has the permission, even if other roles don't provide it.
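The cumulative rule can be checked with a small model when reviewing role assignments. The following is an added example, not UrbanCode Deploy code or its API: the role definitions come from the guidance table above, the users, teams and objects are constructed, and it assumes that a role held on a team applies to the objects mapped to that team.

```python
ROLES = {  # type-level permissions, copied from the guidance table on this page
    "Configurator": {
        "Resources": {"Create", "Edit", "View"},
        "Application": {"Create", "Edit", "Manage Snapshots", "Run Comp Process", "View"},
        "Environment": {"Create", "Edit", "Execute", "View"},
        "Component": {"Create", "Edit", "Manage Versions", "View"},
        "Component Template": {"Create", "Edit", "View"},
    },
    "Release Engineer": {
        "Resources": {"View"},
        "Application": {"View", "Manage Snapshots", "Run Component Applications"},
        "Environment": {"View", "Execute"},
        "Component": {"View"},
        "Component Template": {"View"},
    },
    "Approver": {
        "Resources": {"View"},
        "Application": {"View"},
        "Environment": {"View", "Execute"},
        "Component": {"View"},
        "Component Template": {"View"},
    },
}
MEMBERSHIPS = [  # constructed sample: (user, team, role)
    ("alice", "web-team", "Approver"),
    ("alice", "web-team", "Release Engineer"),
    ("bob", "web-team", "Approver"),
    ("bob", "db-team", "Configurator"),
]
OBJECTS = {  # constructed sample: object name -> (type, teams mapped to it)
    "web-app": ("Application", {"web-team"}),
    "web-prod": ("Environment", {"web-team"}),
    "db-comp": ("Component", {"db-team"}),
}

def granting_roles(user, obj, permission):
    """(team, role) pairs through which the user holds the permission on obj."""
    obj_type, teams = OBJECTS[obj]
    return [(team, role) for member, team, role in MEMBERSHIPS
            if member == user and team in teams
            and permission in ROLES[role].get(obj_type, set())]

def effective_permissions(user, obj):
    """Cumulative rule: union of the permissions from every relevant role."""
    obj_type, teams = OBJECTS[obj]
    return set().union(*(ROLES[r].get(obj_type, set())
                         for m, t, r in MEMBERSHIPS if m == user and t in teams))

print(granting_roles("alice", "web-prod", "Execute"))
```

In this model, removing alice's Approver role does not remove Execute on web-prod, because her Release Engineer role on the same team also provides it; `granting_roles` lists every assignment that has to change.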
Team and role-based security model
Security model example
Security model – Defining roles
Security model – Defining roles
Team lead role
• It is useful to have a role that manages team membership without
requiring the Administrator.
• Give the Add Team Members permission to the role designed to
manage the team.
• Users with this role can add and remove users from their team.
• Access the team manager feature by selecting My Profile > My
Teams.
Defining and maintaining roles
• When you select an object, it lists all of the defined Types of that object. You define permissions by Type within a role.
• You can select the menus that the role will be able to see in the Web User Interface.
Mapping objects to a team
• To create an object, you must have the Create permission for the
object type. To create a component, for example, you must have a
role with the Create Component permission.
• When you create an object, such as a component, your teams are
automatically mapped to the object. You can change your user
preferences to modify this behavior.
• To map a team to an existing object, you must have a role with the
Manage Security permission.
Steps for setting up approvals
1. Ensure that the users doing the approval belong to the appropriate role
2. Enable approvals on the desired environment
3. Identify the roles that will provide the approval
4. Define the approval process on the application
Define statuses for components
Define the set of component version statuses
Define the gates on environments
On the Application configuration, define the gates.
Resources
– A Guide to Security Configuration in IBM UrbanCode Deploy
– UrbanCode Deploy Knowledge Center
Summary
In this module you learned how to:
• Create and define roles and permissions for security
• Manage users in authentication realms
• Create authorization realms and user groups
• Create teams
• Set up notifications and approvals
• Create statuses and gates
Learn More About IBM UrbanCode Deploy
– Visit UrbanCode Online:
• https://developer.ibm.com/urbancode/
– View UrbanCode Product Forums:
• https://developer.ibm.com/answers/smart-spaces/23/urbancode.html
– Request a Demo of IBM UrbanCode Deploy
• https://ibm.biz/demo-urbancode-deploy
Questions
Accelerating Digital Business