Simple Role Map Documents

OGSA-DAI provides support for a simple role map document in which database passwords are in plain-text. This document can be used with the uk.org.ogsadai.common.rolemap.SimpleFileRoleMapper role mapper class.

Example

<?xml version="1.0" encoding="UTF-8"?>
<DatabaseRoles>
  <Database name="jdbc:mysql://host:6502/otherData">
    <User dn="/C=UK/O=eScience/OU=Aspatria/L=AeSC/CN=tom"
             userid="superUser" password="myPassword"/>
    <User dn="*" userid="myUser" password="123"/>
  </Database>
</DatabaseRoles>

Specification

Element DatabaseRoles:

• Element Database (one or more) - defines role mappings for a specific data resource.
  • Attribute name (required) - the name of the data resource.
    • This must correspond to the value of the uri element of a driver element of a dataResource element specified within the data resource configuration document that references this role map document.
  • Element User (one or more) - a mapping from credentials obtained from an X509 certificate to a database username and password.
    • Attribute dn (required) - the user credentials.
      • If no credentials are provided or any client is to be allowed access then the wild-card * can be used.
      • If no such entry is provided then anonymous access to the database is not permitted.
    • Attribute userid (required) - a database username that provides access to the data resource name.
    • Attribute password (required) - the database password for this username.

XML Schema

An XML Schema defining this format is provided at: OGSA-DAI/schema/ogsadai/xsd/rolemap/role_map.xsd