Recently, I had a requirement to make a particular carbon component that was developed available only in super tenant mode and inaccessible to normal tenants. Well, documentation was a bit scarce on this area, and as usual google was my friend. I stumbled upon this 4 year old commit [1] which was the solution to my problem.
Hiding the component from the Carbon Management Console
To hide it from the management console UI, the easiest thing you can do is hide it from the menu that is listed. Usually all carbon component UI bundles contains a component.xml inside src/main/resources/META-INF that describes how this particular component will be listed in the UI. All you need to do is add a <require-super-tenant>true</require-super-tenat> tag under the menu item.
Sample component.xml configuration file
Disabling access from the admin service
Simply hiding it from the UI menu is not enough to truly prevent access to a particular module in tenant mode. As you may know, the management console accesses a carbon component through an admin service and you need to restrict access at this level to properly restrict access to super-tenant only for a particular component.
Again, it is a simple XML configuration change and all you need to do is add the following line as a parameter to the serivces.xml file under src/main/resources/META-INF for the particular admin service.
<parameter name="superTenantService" locked="true">true</parameter>
Sample service.xml configuration file
No comments:
Post a Comment