Problem Statement
When NXRM Firewall is configured to connect to IQ Server with an “admin” user, all the applications are displayed in the CIP (see: Viewing Component Information in NXRM 3.x).
Solution
Define a specific user (“nxrmfirewall” in the example below) in IQ Server that has access only to a single “sandbox” or “sample” application.
Background Information & Limitations
- Today, NXRM does not pass the user to IQ Server. Rather, it uses a pre-configured user to connect to IQ Server. So, all users of NXRM have access to the same application list in IQ Server when logged into NXRM (see: Connecting to IQ Server to NXRM 3.x).
- When using this solution, only the single application will be available. Users will not be able to see the specific policies that apply to their application for the component inside of NXRM.
Sample Implementation Steps
Step 1: Create a “NXRM Firewall” User in IQ Server
Step 2: Assign “Component Evaluator” Access to Repositories
Step 3: Create or Select an Application and assign “Component Evaluator”
Step 4: Update the IQ Server configuration in NXRM to use the newly created user
Step 5: Browse the Repo to Test the Application list in the CIP
Assigning Firewall Report Access to a Repository User
This section is less detailed than the steps above. If you need to give a repository user (e.g., a developer) access to the repository Firewall report, they will need a role created and assigned to them with the following privileges.
You will need to assign this role to the LDAP group.
- nx-blobstore-read = needed to view the repository admin details.
- nx-iq-violation-summary-read = to see Firewall violations.
- nx-repository-admin-maven2-maven-central-read = to view maven-central violations
- nx-repository-admin-{ format }-{ proxy=repository-name }-read = needed for each other proxy repository that the user will need access to.
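The role described above can be expressed as a request body for the NXRM 3 roles REST endpoint (POST /service/rest/v1/security/roles). The following is an added example, not Sonatype's code: it builds that body from the privileges listed above and flags any privilege that goes beyond them. The role id, the npm proxy name and the allowed-name pattern are assumptions.

```python
import json
import re

# Privileges the page lists as required for every Firewall report viewer.
BASE_PRIVILEGES = ["nx-blobstore-read", "nx-iq-violation-summary-read"]
# Conservative character set for format/repository names (assumption of this example).
_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def repo_admin_read(fmt, repo):
    """Privilege name in the page's nx-repository-admin-{format}-{name}-read form."""
    for value in (fmt, repo):
        if not _NAME.match(value):
            raise ValueError(f"unsafe format/repository name: {value!r}")
    return f"nx-repository-admin-{fmt}-{repo}-read"


def build_role(role_id, proxies):
    """Build the role body; proxies is a list of (format, repository-name) pairs."""
    privileges = BASE_PRIVILEGES + [repo_admin_read(f, r) for f, r in proxies]
    return {
        "id": role_id,
        "name": role_id,
        "description": "Read-only access to the repository Firewall report",
        "privileges": sorted(set(privileges)),
        "roles": [],  # no nested roles, so nothing is inherited
    }


def excess_privileges(role):
    """Return privileges that go beyond the read-only set the page describes."""
    allowed = re.compile(r"^nx-repository-admin-[^*]+-read$")
    return [p for p in role["privileges"]
            if p not in BASE_PRIVILEGES and not allowed.match(p)]


if __name__ == "__main__":
    role = build_role("firewall-report-viewer",  # hypothetical role id
                      [("maven2", "maven-central"), ("npm", "npm-proxy")])
    assert excess_privileges(role) == []
    # Body for POST /service/rest/v1/security/roles on the NXRM 3 REST API.
    print(json.dumps(role, indent=2))
```

excess_privileges can also be run over an existing role definition to confirm that the role mapped to the LDAP group has not accumulated wildcard or write privileges.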