Realms in Jitterbit App Builder
Realms allow security administrators to delegate the following security operations to developers:
- Provision user accounts
- Manage security group membership
Developers can, in turn, use public data objects to build applications which allow realm administrators to perform these tasks within the confines of the realm.
Realm administrator
A Realm Administrator is a user that has been granted the Realm Administrator role. The Realm Administrator role belongs to the App Builder data source and has been granted permission to the realm-related public data objects.
Realm public data objects
App Builder ships with several realm-related public data objects. Developers can use these data objects to build applications which allow Realm Administrators to perform delegated security management tasks. These public data objects include:
- Realm_User_Create - Provision users using a security provider delegated to the realm.
- Realm_Provider - View security providers delegated to the realm.
- Realm_UserGroup - View and modify the membership of a security group delegated to the realm.
- Realm_Group - View security groups delegated to the realm.
See Public data objects for additional information regarding these and other public data objects.
Creating a realm
To create a new realm:
- Sign in to App Builder as an administrator.
- Navigate to the IDE.
- Click on User Management.
- Choose the Realms menu option.
- In the Realms panel, click the + Realm button.
- Provide a Name for the realm.
- Click the Save icon (Check).
Once the realm has been created, the security administrator must determine which applications and schedules belong to the realm, as well as which security groups and providers are delegated to the realm.
Applications and schedules
Business rules, including those which perform security-related tasks, execute in the context of an event. An event's origin determines its realm. Events originate from one of two sources:
- Applications - A user may invoke an event by clicking a button, for instance. Regardless of whether the event is scheduled to run in foreground or background, user-initiated events originate from an application.
- Schedules - A scheduled task invokes an event, either periodically or in response to a signal.
After creating the realm, the security administrator must add one or more applications or schedules to the realm. Events originating from these sources will execute in the context of the realm.
Note that a given application or schedule can only belong to a single realm. Applications and schedules shipped with App Builder cannot belong to a realm.
Add an application to a realm
To add an application to a realm, from the Realms page:
- In the Realms panel, select the realm.
- In the Applications panel, locate the application.
- Click the Select button.
Add a schedule to a realm
To add a schedule to a realm, from the Realms page:
- In the Realms panel, select the realm.
- In the Schedules panel, locate the schedule.
- Click the Select button.
Groups and providers
The following security resources can be delegated to the realm:
- Groups - Allows realm administrators to manage membership of the delegated security group.
- Providers - Allows realm administrators to provision user accounts using the delegated security provider.
To avoid conflicts, a given security group or provider can only be delegated to a single realm. Security groups shipped with App Builder cannot be delegated to a realm. Only security providers of type User Provisioning can be delegated.
Delegate a group to a realm
To delegate a group to a realm, from the Realms page:
- In the Realms panel, select the realm.
- In the Groups panel, locate the group.
- Click the Select button.
Create a provider for a realm
In App Builder, a provider is the entity that creates or modifies the user. Active Directory and other authentication methods are providers in App Builder, and your realm must have a provider as well. To create a provider, go to the Security area of the IDE, open Security Providers, and create a provider. The provider must have a name, be marked as active, and have a type of User Provisioning; no other settings are required.
Delegate a provider to a realm
To delegate a provider to a realm, from the Realms page:
- In the Realms panel, select the realm.
- In the Providers panel, locate the provider.
- Click the Select button.
Realms and release management
Like other security resources (users, groups and providers), realms are specific to a given instance of App Builder. The Release Management process will not package and transport realms. Therefore, administrators will need to recreate realms in each environment (e.g. development, QA, production).
Application developers will need to take this into account when building an application that supports realms. Specifically, developers should provide an application (or set of pages within an existing application) that allows administrators to perform any necessary post-installation configuration. See Realm Public Data Objects for a list of public data objects that can be used to this end.
Business logic
When you run rules that insert users into the objects App Builder provides for realm inserts, you must pass the ProviderID of the provider you created for the realm as the ProviderID of the user. Be aware that you cannot test these objects well in the results or with the Execute button, because realms work within the confines of an application: you must execute rules that use the realm within a specific application for the realm to return proper results.