Thursday, July 19, 2018

Limiting user access to view logs only in CloverETL server

When you are running production installation of a CloverETL server you might have separation of responsibilities or different permissions for different people.

I was asked recently how to enable specific people to only access logs for job runs on the server. This is common use case, you have some support personnel that need to have access to logs if something goes wrong in any of the scheduled processes. You don't want to overwhelm them with too many options, you don't want them to modify any existing process etc.

CloverETL set permissions on Group level, not on specific user level, eg. you cannot give John and Amy different permissions, you need to separate them first into two groups.

Whenever you will create new group it will have all permissions removed by default. You could tell that by red cross icons on the permission tree.

In our use case, you want to enable only "Unlimited access to execution history" for this particular group.

This configuration will allow all user assigned to this group view only Execution History tab, check previous runs, see their Tracking information (how many records were processed) and see or download log for particular run.

You might wonder what is doing Limited access to execution history list. That one gives you more control, With unlimited access group members will see all content of execution history, for all sandboxes. 
Limited access allows you to show history only for sandboxes that group has read access to, eg. if you limit access to Sandbox A to Group A and John is not member of Group A, he won't be able to see any runs of processes from that project even if he has access to Execution history. 

By default all sandboxes are visible to all groups, if you want to change it, you need to do in Permissions section of Sandboxes tab.

Currently visibility granularity is on sandbox level, eg. you cannot limit visibility for a specific graph only.

And this a very limited view that John will have if he is only member of a group which has only permissions for Execution history:

As you could seen in one of the previous pictures, granularity of permissions on CloverETL server is pretty elaborate, so go check documentation page for more details how you can configure access permissions for your users to your liking.

Thursday, July 5, 2018

Auto start Tomcat and CloverETL on EC2 AWS Linux AMI

In one of the previous blog posts I installed evaluation CloverETL server on Amazon's EC2 instance. This installation is useful for evaluation, quick setup and I mentioned at the end of article that you might want to set CloverETL server to start up automatically if host gets restarted.

This article will show you one way how.


Last time we installed Tomcat and deployed server war to:


(In retrospect keeping name of version in the directory name wasn't greatest idea, that's when you will try to upgrade, but again..evaluation installation.)


First thing I will do is to create init script:
sudo vim /etc/init.d/clover

#!/bin/bash ### BEGIN INIT INFO # Provides:        tomcat8 # Required-Start:  $network # Required-Stop:   $network # Default-Start:   2 3 4 5 # Default-Stop:    0 1 6 # Short-Description: Start/Stop Tomcat server ### END INIT INFO
start() {  sh /clover/CloverETLServer.4.5.1.Tomcat-8.0.30/bin/ }
stop() {  sh /clover/CloverETLServer.4.5.1.Tomcat-8.0.30/bin/ }
case $1 in   start|stop) $1;;   restart) stop; start;;   *) echo "Run as $0 <start|stop|restart>"; exit 1;; esac

There might be different versions of init script, this one makes sure that you will run in only after network interface is set up on the instance.

Last step is to put this init script to be run after reboot. Common way to do is with update-rc.d command, but that one is not installed on Amazon Linux AMI for some reason.

Another way that worked for me was:
sudo chmod 755 /etc/init.d/clover
sudo chkconfig --level 345 clover on

After these steps Tomcat and CloverETL server should automatically after reboot of the host.

(I used heavily answers here )