Enabling Dashboard Security
The Dashboard relies upon the Basic Authentication feature of the web server to provide login security. Additionally, Role-Based Access Control (RBAC) uses that login string to provide additional functionality within the Dashboard. Without Basic Authentication in the web server, RBAC will not work in the Dashboard.
When RBAC is enabled (requires web server Basic Auth to be working fully), there are just two roles currently:
- administrator - which gives read-write access to everything to any valid login listed in the "administrators":[] option in the WEBROOT/html/config.json file.
- operator - which is read-only and is the role given to anyone with a valid login
To enable login and password security for the Dashboard along with Role-Based Access Control (RBAC), be sure to do the following:
- Deploy the correct Apache config to enable Basic Authentication pointing to the WEBROOT/etc/.htpasswd file. Please see "Create the Dashboard-specific Web Server Configuration File" and "Configure Web Server Boot and Restart Process".
- Ensure that the WEBROOT/etc/.htpasswd file contains one or more login/password pairs using the htpasswd command. Please see "Populate Logins Using htpasswd".
- Configure the Dashboard RBAC via the WEBROOT/html/config.json file to add logins from the WEBROOT/etc/.htpasswd file to the administrators JSON array. Please see "Enable RBAC via config.json".
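After completing the three steps, it is worth confirming that the two files agree. The following is an added example, not part of the Dashboard or its documentation: it derives each login's effective role from the contents of the .htpasswd and config.json files and reports administrators with no .htpasswd entry, plus logins stored with a weak hash scheme. It assumes "administrators" is a top-level array in config.json and that logins are matched exactly; the sample data is constructed.

```python
import json

# Hash scheme prefixes written by Apache's htpasswd tool.
SCHEMES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1",
           "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
WEAK = {"sha1", "crypt-or-plaintext"}


def parse_htpasswd(text):
    """Return {login: scheme} for each 'login:hash' line."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        login, hashed = line.split(":", 1)
        # No known prefix means legacy crypt() or a plaintext entry.
        scheme = next((name for prefix, name in SCHEMES.items()
                       if hashed.startswith(prefix)), "crypt-or-plaintext")
        users[login] = scheme
    return users


def audit(htpasswd_text, config_text):
    """Map every valid login to its effective role and list problems."""
    users = parse_htpasswd(htpasswd_text)
    # Assumption: "administrators" is a top-level array in config.json.
    admins = json.loads(config_text).get("administrators", [])
    roles = {u: ("administrator" if u in admins else "operator") for u in users}
    findings = [f"{name}: in administrators but has no .htpasswd entry"
                for name in admins if name not in users]
    findings += [f"{login}: weak hash scheme ({scheme})"
                 for login, scheme in users.items() if scheme in WEAK]
    return roles, findings


# Constructed sample data (not real credentials or hashes).
SAMPLE_HTPASSWD = """\
alice:$2y$05$CONSTRUCTEDSAMPLEHASHVALUE
bob:$apr1$constructed$samplehash
carol:{SHA}constructedsamplehash=
"""
SAMPLE_CONFIG = '{"administrators": ["alice", "dave"]}'

if __name__ == "__main__":
    roles, findings = audit(SAMPLE_HTPASSWD, SAMPLE_CONFIG)
    print(roles)
    for finding in findings:
        print("FINDING:", finding)
```

To run it against a real deployment, pass the contents of WEBROOT/etc/.htpasswd and WEBROOT/html/config.json to audit() in place of the sample strings.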