ideAllowedProfiles
This property is available starting with Profound.js Version 7.27.0.
Description
This property allows for specifying which IBM i user profiles are allowed to access the Profound.js/Profound API IDE. This is useful when administrators may need to restrict access to the IDE based on IBM i user profiles, groups or user classes.
When this property is defined, only the users, group profiles, or user classes listed in the array can access the IDE after signing in.
If a user does not match any entry listed for this option, access is denied.
Usage
To use this option, add the the ideAllowedProfiles property to the config.js file:
ideAllowedProfiles: ["USER", "DEVTEAM", "*PGMR", "*SECOFR"],After making this change, the instance must be restarted in order for the change to take effect.
Rules
These rules must be followed/noted when using this configuration option:
All entries are compared in uppercase;
All entries must be listed as quoted strings;
User profile names should be specified individually;
Group profile names should specify user profiles used as groups;
User class names should be specified following the usual convention (i.e. including an asterisk
*with the class name);
Behavior
Configuration | Result |
Property not defined | Any valid IBM i user who successfully authenticates can access the IDE. |
Defined and empty ([]) | The PJS server will not start. An error is displayed indicating that no allowed profiles are configured. |
Defined with entries | Only listed users, group profiles, or user classes can access the IDE. |
Examples
Example 1:
Allow only specific user profiles:
ideAllowedProfiles: ["USER", "ADMIN1"],Example 2:
Allow all user profiles with specific classes:
ideAllowedProfiles: ["*PGMR","*SECOFR"],Example 3:
Allow user profiles from a group profile:
ideAllowedProfiles: ["DEVTEAM"],Example 4:
Allow a mix of user profile classes, groups, and individual user profiles:
ideAllowedProfiles: ["*PGMR", "DEVTEAM", "USERC"],