Subjects
StackState Self-hosted v5.0.x
This page describes StackState version 5.0.
StackState is configured by default with file based authentication with predefined roles for Guests (very limited permission level), Power Users and Administrators (full permission level). To change the configuration to use LDAP authentication, see authentication docs.
To create a new subject (a group or a username), you must follow the
stac
CLI route below. When you create a subject, it has no permissions at first. All custom subjects need a scope by design, so they do not have access to the full topology. This is a security requirement that makes sure that users have access only to what they need.Examples
- Create the
stackstate
subject with a scope that allows the user to see all elements with theStackState
label:
CLI: stac
CLI: sts (new)
stac subject save stackstate 'label = "StackState"'
⚠️ PLEASE NOTE - from StackState v5.0, the old
sts
CLI is called stac
.In a future release of StackState, the new
sts
CLI will fully replace the stac
CLI. It is advised to install the new sts
CLI and upgrade any installed instance of the old sts
CLI to stac
. For details see:Command not currently available in the new
sts
CLI. Use the stac
CLI.- Give more context and specific limitations, create the subject
stackstateManager
with the same scope of theStackState
label and additional access to Business Applications within that label:
CLI: stac
CLI: sts (new)
stac subject save stackstateManager 'label = "StackState" AND type = "Business Application"'
⚠️ PLEASE NOTE - from StackState v5.0, the old
sts
CLI is called stac
.In a future release of StackState, the new
sts
CLI will fully replace the stac
CLI. It is advised to install the new sts
CLI and upgrade any installed instance of the old sts
CLI to stac
. For details see:Command not currently available in the new
sts
CLI. Use the stac
CLI.NOTE:
- When passing an STQL query in a
stac
CLI command, all operators ( such as=
,<
,AND
, and so on) need to be surrounded by spaces, as in the above example. - For LDAP authentication, the subject name must exactly match the username or group name configured in LDAP (case-sensitive).
Last modified 7mo ago