NCache 4.6 - Online Documentation

NCache Security

 
Security Access Levels
NCache’s security feature incorporates security at two distinct access levels:
  • Administrative/Management Level
  • Cache API Level
 
These levels of security are intended to secure both management and client level access to your cache. By default, the security feature is disabled for both the access levels.
 
Administrative/Management Level Security
Management level security in NCache ensures that a remote cluster node is protected from any unauthorized user access. It is used to validate authorized users who have access to perform any management and configuration related operation on a cluster node. To secure an overall multi-node cache cluster, you must enable security on each individual node of the cluster. Administrative tools like Manager and command line tools are integrated with security framework and provide you with the option to perform operations in a secured environment.
 
To learn how to configure security on a node, see Configuring Security for Cache Management section of NCache Administrator's Guide.
 
What is secured by Enabling Management Level Security?
Once you configure management level security on your server node, only the specified users granted administrative permissions will have access to perform any management operations on your node such as:
  • Create new cache
  • Remove existing cache
  • Add existing cache
  • Start cache
  • Stop cache
  • Restart cache
  • Refresh cache
 
Privileged System Administrator
The list of authorized users is stored in security.conf. Only a local administrator on that machine can enable security. Users other than those configured as your node administrators are not permitted to perform any management related operation on your node.  But there is one exception: a user is also granted administrative permissions if he is local system administrator on that system.
 
It means that a local window administrator always has administrative rights and permissions whether managerial operation is performed locally, or from any other server node, using local windows credentials. So if a node is not authorized as an administrator and you are using that node to perform an operation on your personal machine, you only need to provide your system credentials and you are allowed to do any remote management operation on your system.
 
Cache API Level Security
Cache level security in NCache ensures that cache data is protected from any unauthorized user access. Cache API level security is used to validate authorized users who try to establish a connection with cache via NCache API. By enabling cache level security, you can control whether all or few clients can access the cluster cache data for either reading or writing. Only clients verified as valid and authenticated users are allowed to perform cache level operations.
 
To learn how to configure security on a cache, see Configuring Security for Cache section of NCache Administrator Guide.
 
What is Secured by Enabling API Level Security
Once you configure management level security on your server node, only the specified users granted administrative permissions will have access to perform any cache operations on your cache such as:
  • Initialize cache
  • Get data
  • Add data
  • Remove/update data etc.
 
If security is enabled on a cache, then credentials must be provided along with the initialize cache call to establish a connection. This list of authorized users for each is maintained in the cache configuration section of config.conf.
 
 
See Also