Versions Compared

Old Version 38

changes.mady.by.user David Vaisman

Saved on

compared with

New Version 39

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

User-level access control in integrations and APIs is provided by user keys. The user key is a unique identifier that is mapped to a WhiteSource Mend user.

WhiteSource Mend supports the option of creating and using a unique identifier for each user who utilizes its services. The support for using user-level access control in integrations enhances auditing and optimizes accountability insights for the WhiteSource Mend administrator.

It allows to enforce segregation of administrative actions between different products and projects (i.e., a user who is not a product administrator cannot delete it). It also enables the administrator to view details on the activities of each user in relevant reports. Once the WhiteSource Mend administrator enforces the use of user-level access control in integrations, all requests must include a user key.

Applicability

  • All WhiteSource Mend agents support adding an attribute in the agent’s configuration file and/or a parameter in the command line.

  • All HTTP API methods support adding a user key argument to the API request.

Configuring the User Level Token

The WhiteSource Mend administrator configures the user level access control in integrations by following these steps:

  1. Go to the WhiteSource Mend GUI and open the Integrate.

  2. In the Integrate page, select the checkbox Enforce user level access.

  3. The use of the user level access control in integrations has been enforced and all requests must include a user key. Any request which will not include a user key will fail.

...

User keys are generated by the user who will then be required to add it in all of his/her WhiteSource Mend requests. The steps for generating a user key are the following:

  1. Go to the WhiteSource Mend GUI and open the User Profile.

  2. Click on the Generate User Key.

  3. A unique user key is displayed in the User Keys table for the user to add in the various agents and APIs. The user key is mapped to the user profile name.

Info

A user key can also be generated when the Enforce user level access option has not been selected by the WhiteSource Mend administrator. The user has the option to generate more than one user key (up to 10 user keys) for situations that include the use of unique user keys for various integrations (e.g., one user key for the Jenkins Plugin, one user key for the Unified Agent, and one user key for the API).

...

A userKey argument has been added to the HTTP API, and it must be added to all HTTP API requests when the Enforce user level access option has been enabled.

Note

Only WhiteSource Mend users with Administrator or Auditor privileges (“Auditor” can only be assigned to service users) are allowed to use the APIs in case the Enforce user level access option has been enabled.

...

With the support of the User level access control in integrations, the WhiteSource Mend administrator has the option to view and analyze reports that provide data on the usage of WhiteSource Mend requests per user. Reports display the users’ profile names, which are linked to their respective user keys.

...