Configuring user access to Teracloud® Streams domains and instances

By default, Teracloud® Streams domains and instances are private and can be accessed only by the user who creates the domain or instance. To set up a domain or instance that can be accessed by multiple users, you can use either the Teracloud® Streams graphical user interfaces or streamtool commands.

Before you begin

If you are using PAM with a UNIX backend for user authentication, review the restrictions for domains and instances that are shared by multiple users.

About this task

In the following procedure, the optional administrator and user groups refer to a Linux or LDAP set of users. After you create the groups by using Linux or LDAP, you can add the groups to the Teracloud® Streams DomainAdministrator, DomainUser, InstanceAdministrator, and InstanceUser roles when you create the domain and instance. All members in the group have the DomainAdministrator, DomainUser, InstanceAdministrator, and InstanceUser permissions.
Restriction: To add the members of a Linux or LDAP administrator group and user group to the InstanceAdministrator and InstanceUser roles, you must create the instance by using the command-line procedure. This option is not supported in the Streams Console graphical user interface.

Procedure

  • Set up a domain that is shared by multiple users:
    1. Create the domain by using the streamtool mkdomain command.

      When you create a domain, Teracloud® Streams creates the DomainAdministrator and DomainUser roles, and adds the domain owner to the DomainAdministrator role.

      Optional: Specify a Linux or LDAP administrator group name and a user group name, which are added to the DomainAdministrator and DomainUser roles when the domain is created.

      • To add an administrator group to the DomainAdministrator role, use the --admin-grp option.
      • To add a user group to the DomainUser role, use the --user-grp option.
    2. Add users or groups to the DomainAdministrator and DomainUser roles by using the streamtool adduserdomainrole and the streamtool addgroupdomainrole commands.
  • Set up an instance that is shared by multiple users:
    1. Create the instance by using the streamtool mkinstance command.

      When you create an instance, Teracloud® Streams creates the InstanceAdministrator and InstanceUser roles, and adds the instance owner to the InstanceAdministrator role.

      Optional: Specify a Linux or LDAP administrator group name and a user group name, which are added to the InstanceAdministrator and InstanceUser roles when you create the instance.

      • To add an administrator group to the InstanceAdministrator role, use the --admin-grp option.
      • To add a user group to the InstanceUser role, use the --user-grp option.

      Add users or groups to the InstanceAdministrator and InstanceUser roles by using the streamtool adduserrole and the streamtool addgrouprole commands.

Example

For an example that shows how to set up user access by using the streamtool command-line interface, see Example: Configuring user access to an enterprise domain and instance by using roles.