# Authentication and Authorization ## User Any user has the following attributes: * username * password * permissions * list of banned agents ### Getting Users Information In order to print all users, execute the following command: ``` $ flopsar auth info FLOPSAR_WDIR ``` In order to print detailed information about a particular user (e.g. user1) execute the command: ```bash $ flopsar auth info --username=user1 FLOPSAR_WDIR ``` ### Adding/Deleting Users In order to add a new user `user1`, execute the following command: ```bash $ flopsar auth add --username=user1 FLOPSAR_WDIR ``` In order to delete the user `user1` execute the following command: ```bash $ flopsar auth rm --username=user1 FLOPSAR_WDIR ``` ## Authentication Flopsar supports two types of authentication providers: internal (local) and external. ### Internal This is a default authentication system used by Flopsar. All the users information is stored in `Manager`. The authentication itself is performed internally, i.e. is not delegated to any other external authentication system. This means, that users password are stored encrypted in `Manager`. In order to change a password for `user1` user, you must make use of the following command: ```bash $ flopsar auth mod --username=user1 --password FLOPSAR_WDIR ``` ### External This type delegates the authentication to other, third-party authentication systems. In order to enable it, you need to implement a specific `Server` [plugin](/3.0/developer-guide/server-plugins.md#authentication-plugin) and [install](/3.0/administrator-guide/server.md#plugins) it on the Manager. ## Authorization {% hint style="warning" %} No matter which authentication type you choose, the authorization is always performed in the Manager. That means all users must exist in the Manager. {% endhint %} #### Permissions The following permissions are available: | Symbol | Description | | ------ | ----------------------------------- | | c | User can edit agents configuration. | | p | User can see method parameters. | | o | User can see agents online data. | | q | User can query agents directly. | In order to set the permissions for the user `user1`, execute the command: ```bash $ flopsar auth mod --username=user1 --perms=perms_vals FLOPSAR_WDIR ``` where `perms_vals` are the permissions symbols prefixed with `+` or `-` depending on whether you want to add or revoke the permission. For example, if you want to allow `user1` to see methods parameters and agents online data, execute the following command: ```bash $ flopsar auth mod --username=user1 --perms=+po FLOPSAR_WDIR ``` In order to revoke those permissions, execute the command: ```bash $ flopsar auth mod --username=user1 --perms=-po FLOPSAR_WDIR ``` #### Banned Agents A user can see all data from any agent by default. In order to prevent a user (`user1`) from seeing particular agents, you need to execute the following command: ```bash $ flopsar auth mod --username=user1 --ban=agents_pattern FLOPSAR_WDIR ``` where `agents_pattern` is a regular expression for agents' names. In order to unban some agents, execute the command: ```bash $ flopsar auth mod --username=user1 --unban=agents_pattern FLOPSAR_WDIR ``` ## --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flopsar.com/3.0/administrator-guide/authentication-and-authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.