KonfDB User Access and Privileges

KonfDB apart from being an excellent configuration management system also provides some basic security to control the changes to the application configuration.  Since configuration is a very important aspect of software delivery, we believe that configuration should be controlled and managed by selected group of individuals.  There are several benefits to it

  • Structured configuration – with selected group of individuals controlling the configuration, the chances of inconsistent parameter names and duplicate values are reduced
  • Reduced size of configuration – limited configuration parameters per application to ease maintenance
  • Reduced bugs due to incorrect configuration – on the lines of ‘too many cooks spoil the broth’

With these fundamentals, KonfDB has a very simple user access and privilege management system.

KonfDB user access

KonfDB users can be created in a chain format.  The first user needs to be created by the super admin (the user through which KonfDB Host is authenticated).  Each user can further create new users.  There isn’t any upper limit applied to the number of users that can exist on KonfDB instance.

KonfDB user privileges

KonfDB user privileges are controlled and managed at a suite level.

When a new user is created, the user has no access to any configuration data.  The user has complete rights to create a new configuration suite and associate applications, environments, regions and servers to it.  This user has complete administrative rights to the new suite.

To get access to another suite, a user needs to request access to the person who has the administrative privileges to that suite.  Access can be granted at 2 levels

  • Complete administrative access – Admin Role
  • Configuration Read-Only access – ReadOnly Role
Admin Role

When any user is granted Admin Role for a particular suite, the user is allowed to perform any action on the suite such as

  • Add New Users and grant them Admin or ReadOnly role
  • Revoke User access from Suite
  • Add New Applications, Environments, Regions, Servers, Parameters and Mappings
  • Delete  Applications, Environments, Regions, Servers, Parameters and Mappings

Caution – The new users with Admin role have the capability to revoke rights of super user.  However, this can prove fatal at the time of maintenance.

This role should not be granted to every one.  Applications & Services should not run using a user with Admin role

ReadOnly Role

As the name suggests, the role provides only read-only access to the suite.  The user can

  • View Suite Configuration
  • Can not add new users to the suite
  • Can not add applications, environments, regions, servers, parameters or mapping to the suite
  • Can not make any modifications to parameter values

This role is very restrictive. Applications & Services should not run using a user with ReadOnly role