The Permits Expert is a dedicated component in the meshIQ platform that manages permission-related interactions between the CEP server, Workgroup Server (WGS), and Data Services (DS). It centralizes permission handling and communicates with the permissions database, enhancing control and security across meshIQ services.
To deploy a new Permits Expert:
- Navigate to the Deployment Tool.
- Right-click on the Domain Server.
- Go to Deploy Expert > Security > Permits Expert.
Once deployed, configure the cache refresh interval in the Other Options tab to control how frequently the Permits Expert syncs with the permissions database.
Under the Permits DB tab in the Permits Expert configuration dialog:
- Enter the Permits Database URL, specifying the DB host, port, and database name.
- Define minimum and maximum database connections.
- Define the schema where the permits data is stored.
- Provide the Permits Database User Name and Password to authenticate and establish a secure connection.
Navigate to the Rest API tab and configure:
- Basic Authentication Enabled
This option is enabled to allow secure access to the REST API using a username and password. - HTTP REST Listener Enabled
Enable it if you want the REST API to listen for incoming HTTP requests. - HTTP REST Listening Port
Set to 8020, this specifies the port on which the REST service listens for incoming HTTP requests. - OAuth2 Authentication Enabled
Enable it to use OAuth2 token-based authentication for REST API access. - SSL (HTTPS) Enabled
Enable it to activate HTTPS for secure REST API communication. - SSL (HTTPS) Key Store Password
The password to access the keystore for HTTPS configuration is provided here. - SSL (HTTPS) Key Store Path
It is used to specify the file path to the SSL keystore containing certificates for HTTPS. - SSL (HTTPS) Default Certificate Alias
It is used to define the alias of the certificate to be used from the keystore. - SSL (HTTPS) Key Manager Password
This password grants access to the key manager within the keystore. - SSL (HTTPS) SNI Host Check
This option is enabled to perform Server Name Indication (SNI) host name validation during HTTPS connections. - WSM Access Granted to User Groups
Enter group names to allow only those users to access the Permits Expert REST API. - WSM Reports Limit
Sets the maximum number of WSM report records visible in Secure/Control Center.
Once saved and running, you can verify that the Permits Expert is working correctly by checking its Facts under the domain in the UI:
- DBSTATS: Connection status, DB version, and exceptions (if any).
- RESTSTATS: Port, URI, start status, and version.