Access to functions¶
Scopes¶
The function access in Baculum is a term associated with OAuth2 clients. Functions are defined as the OAuth2 scopes and they refer to the general Baculum API functionalies like:
jobs
directors
clients
storages
devices
volumes
pools
bvfs
joblog
filesets
schedules
config
actions
oauth2
basic
consoles
Setting selected scopes in the OAuth2 client account defines to which Baculum
API functions the Baculum Web will have access. For example, if OAuth2 client
has configured scopes: jobs
and clients
, this OAuth2 client will be
able to get job list, run backup job, do restore, but it will not be able to
get volume list or get storage status.
More detailed, the functions are connected with API endpoints in the way that
/job/
endpoint refers to job scope, /volume/
endpoint refers to volume
scope.
What scopes to set¶
To work with Baculum Web typically for administrators it is good to set all
scopes. For an user with limitted access usually you can assign most of scopes
except admin specific scopes like: config
, actions
, oauth2
and
basic
.