Changing the scope of the Cloud Foundry default admin

Time: 2014-11-08 16:23:25

Tags: cloudfoundry cloudfoundry-uaa

I followed this guide http://docs.cloudfoundry.org/adminguide/uaa-user-management.html to create another user, but in step 7 I accidentally updated the scope of the default admin to "EXISTING-PERMISSIONS scim.write". After that, when I try to update the scope with the `uaac client update admin --authorities` command, I get the following error:

error response:  
{  
  "error": "access_denied",  
  "error_description": "Invalid token does not contain resource id (clients)"  
}  

Does anyone know how to restore the default admin's scope? Thanks!

2 answers:

Answer 0: (score: 0)

Senior Field Engineer at Pivotal.

You can restore the admin account's group memberships by connecting to the postgres UAAdb using the credentials from OpsMgr or from the deployment manifest. Below is a sample script you can use with the groups you need. Don't worry about duplicate rows, since the PK constraint will block them. After updating the groups, restart the UAA server with BOSH. This is needed to clear UAA's in-memory cache... unfortunately there is no more elegant way. Hope this helps.

--clients.write
insert into group_membership values ((select id from groups where displayname='clients.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--clients.admin
insert into group_membership values ((select id from groups where displayname='clients.admin'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--scim.read
insert into group_membership values ((select id from groups where displayname='scim.read'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--scim.write
insert into group_membership values ((select id from groups where displayname='scim.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--password.write
insert into group_membership values ((select id from groups where displayname='password.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--clients.read
insert into group_membership values ((select id from groups where displayname='clients.read'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--uaa.admin
insert into group_membership values ((select id from groups where displayname='uaa.admin'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

Answer 1: (score: 0)

The OP needs to change the authorities of the admin client, not the scope of the admin user. This would be the statement to run:

update oauth_client_details set authorities = 'uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin' where client_id = 'admin'