apiVersion: v1 data: ag.yaml: | externalConfig: authorizationGateway: appserverType: tomcat authentication: type: local authorization: type: local bridgeConnectionList: - encryptionType: aes128-gcm name: container-bridge rpcSecret: file=/secrets/bridge/password securityConfig: container-bridge-security url: http://authgateway-importer:7070 db: appserver: password: file=/secrets/ag_appserver/password username: ag_appserver host: authgateway-rw.abinitio-db.svc importer: password: file=/secrets/ag_db_importer/password username: ag_importer mainSchema: name: ag_main metaSchema: name: ag_meta name: authgateway port: "5432" report: password: file=/secrets/ag_report/password username: ag_report type: postgresql logging: directoryPath: /abinitio/webapp/logs maxBackups: 5 packageForSupport: encrypted: EncryptForNonAdmins serverConfiguration: cluster: autoConfig: hosts: authgateway-jgroup port: 7800 protocol: TCP enabled: true encryption: enabled: false mtbridge: defaultBridgeConnection: container-bridge importHostServicesBridgeConnection: container-bridge search: index: thread: pool: bootstrapSize: 1 size: 1 indexDirectoryRoot: file:///abinitio/data/searchIndex urlFromBrowser: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/authgateway urlFromImporter: http://authgateway:8080/authgateway websockets: forceDisable: false aic-credentials.xml: | default-resources.xml: | 1.0 AIC Gateway The gateway that brokers communication between AI Central components and large language models Y AIC Gateway AIC Web Application The web application that implements the Ab Initio AI assistant Y AIC Web Application Authorization Gateway Authorization Gateway Y Authorization Gateway Cafe Cafe Y Cafe Control>Center Control>Center Y Control>Center Data Catalog Services Data Catalog Services Y Data Catalog Services EMETR EME Technical Repository Y EMETR Express>It Express>It Y Express>It Metadata Hub Metadata Hub Y AIASP:mhub_meta@jdbc:postgresql://metadatahub-rw.abinitio-db.svc:5432/metadatahub Query>It Query>It Y Query>It Query>It Administrator Query>It Administrator Y Query>It Administrator TRW Technical Repository Web Interface Y TRW Runtime Locator (Bridge) Runtime Locator (Bridge) Y runtime-locator-bridge AIC Gateway AIC Gateway All Routes Role Users with this role are allowed to use all routes configured in the AI Central Gateway N AIC Gateway All Routes Role AIC Web Application ROLE_AI_CENTRAL_ADMIN Permission to administer AI Central N AI Central Administrator AIC Web Application ROLE_AI_CENTRAL_USER Permission to log in to AI Central N AI Central User Cafe ADMIN Permission to administer N CAFE Administrator Cafe ROLE_AUTHENTICATED_USER Authenticated user role N CAFE Authenticated User Cafe USER User role N CAFE User Control>Center ROLE_OP_ADMIN N Control>Center Administrator Control>Center ROLE_OP_ANALYST N Control>Center Op Analyst Data Catalog Services ROLE_DC_ADMIN Permission to administer Data Catalog N Data Catalog Administrator Data Catalog Services ROLE_DC_PHYS_DATASET_EDITOR N Data Catalog Phys Dataset Editor Data Catalog Services ROLE_DC_USER N Data Catalog User EMETR 99997 All permissions N eme-login EMETR 99998 All permissions N eme-root Express>It AB_APPCONF_ADMINISTRATOR All permissions N AB_APPCONF_ADMINISTRATOR Express>It AB_APPCONF_EDITOR N AB_APPCONF_EDITOR Express>It AB_APPCONF_USER N AB_APPCONF_USER Metadata Hub Administrator Role Users belonging to the Administrator role have unrestricted access to application functions, including administrative functions. N Administrator Role Metadata Hub Approver Role Users belonging to the Approver role can approve any submitted changes. N Approver Role Metadata Hub Data Quality View Records with Issues Role Users belonging to the Data Quality View Records with Issues Role can view records within the dataset that contributed to data quality metrics. Data Quality View Records with Issues Role Metadata Hub DiscoveryAdministratorRole Administrative role that can access all of the Semantic Discovery views. N Discovery Administrator Role Metadata Hub DiscoveryOperatorRole Operations role that can request Semantic Discovery job execution. N Discovery Operator Role Metadata Hub Editor Role N Editor Role Metadata Hub Entity API Save Options Role Entity API Save Options Role N Entity API Save Options Role Metadata Hub Importer Role Users belonging to the Importer role may use the Metadata Importer. N Importer Role Metadata Hub MDP Administrator Role Administrative role that can perform all Metadata Promotion activities. N MDP Administrator Role Metadata Hub Product Interoperability Trust Role Product Interoperability Trust Role N Product Interoperability Trust Role Metadata Hub User Role Users belonging the User role may log in to the UI. N User Role Metadata Hub Version Tag Configurer Role Administrative role that can create, edit and delete Version Tag Related Content Queries. N Version Tag Configurer Role Metadata Hub Version Tag Editor Role Administrative role that can create, edit and delete Version Tags. N Version Tag Editor Role Metadata Hub Version Tag Promoter Role Administrative role that can create, edit and delete promoted Version Tags. N Version Tag Promoter Role Query>It qi_instance_administrator Users with the qi_instance_administrator role can: . create roles/schemas (via CREATEROLE privilege, and CREATE privilege on database absqldb) . change the AG (Authorization Gateway) connection configuration (ab_sql.ab_ag_config), . publish roles/resources to the AG, . view/kill active queries (absql.ab_query_impl), . create/modify dataspaces (absql.ab_ds_data_space), . view the query log (ab_sql.ab_log), . do everything a qi_instance_user can do Note that the CREATEROLE privilege will only be automatically granted to users with the qi_instance_administrator role if the Query>It instance is attached to the AG (Authorization Gateway). Otherwise, you have to explicitly alter a user to have the CREATEROLE privilege. N qi_instance_administrator Query>It qi_instance_superuser Users with the qi_instance_superuser role can: . Anything that a user with the qi_instance_administrator (or qi_instance_user) role can do, . Reconfigure data sources owned by other users, . Grant or revoke privileges on any table or schema, . Import catalogs that contain definitions for data sources that are owned by other users. N qi_instance_superuser Query>It qi_instance_user N qi_instance_user Query>It Administrator ROLE_AUTHENTICATED_USER Users with this role can log into the Query>It Administrator UI when it is configured to use AG authentication N qi_administrator_ui_login TRW ROLE_AUTHENTICATED_USER Users with this role can access the Technical Repository Web N User Runtime Locator (Bridge) GDE-User-Role N GDE-User-Role AGUser aiadmin Ab Initio Application Administrator Y Ab Initio Administrator file=/secrets/aiadmin/password <Username>aiadmin</Username> </AGPrincipal> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>dcs_utility</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Data Catalog Utility User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>Ab Initio Data Catalog Utility User</Name> <OfficePhone/> <HashedPassword>file=/secrets/dcs_utility_user/password</HashedPassword> <Title/> <Username>dcs_utility</Username> </AGPrincipal> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>mhub_utility</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Metadata Hub Utility User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>Ab Initio Metadata Hub Utility User</Name> <OfficePhone/> <HashedPassword>file=/secrets/mhub_utility_user/password</HashedPassword> <Title/> <Username>mhub_utility</Username> </AGPrincipal> <!-- Pre-create AG groups --> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>AIC Gateway All Routes Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <ExternalGroupMapping></ExternalGroupMapping> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>AIC Gateway All Routes Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Ab Initio Editor Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Ab Initio Joiner Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Ab Initio Joiner Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Ab Initio User Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>MetadataHub Utility Users</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>MetadataHub Utility Users</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Data Catalog Utility Users</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Data Catalog Utility Users</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Product Interoperability Ticket Requester Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Product Interoperability Ticket Requester Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>Ab Initio Administrator Group</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <AGPrincipal> <SubType>AGGroup</SubType> <AGPrincipal>GDE Users</AGPrincipal> <ManagerSubType /> <Manager /> <PrincipalSubType /> <Principal /> <Description /> <EmailAddress /> <IsEnabled>Y</IsEnabled> <MailStop /> <MobilePhone /> <Name>GDE Users</Name> <OfficePhone /> <Password /> <Title /> <Username /> </AGPrincipal> <!-- Pre-populate AG groups with AG users --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>mhub_utility</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>MetadataHub Utility Users</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>dcs_utility</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Data Catalog Utility Users</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>aiadmin</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Administrator Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>aiadmin</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Editor Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGGroup</ChildPrincipalSubType> <ChildPrincipal>Ab Initio Administrator Group</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>AIC Gateway All Routes Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>aiadmin</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>GDE Users</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <!-- Add USER group and EDITOR group as subgroup to AIC group --> <AGPrincipalXref> <ChildPrincipalSubType>AGGroup</ChildPrincipalSubType> <ChildPrincipal>Ab Initio Editor Group</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>AIC Gateway All Routes Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipalXref> <ChildPrincipalSubType>AGGroup</ChildPrincipalSubType> <ChildPrincipal>Ab Initio User Group</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>AIC Gateway All Routes Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <!-- Create each join user in joinUserList & assign to the Joiner Group --> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>aic_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>aic_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/aic_join_user/password</HashedPassword> <Title/> <Username>aic_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>aic_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>cafe_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>cafe_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/cafe_join_user/password</HashedPassword> <Title/> <Username>cafe_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>cafe_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>cc_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>cc_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/cc_join_user/password</HashedPassword> <Title/> <Username>cc_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>cc_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>dcs_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>dcs_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/dcs_join_user/password</HashedPassword> <Title/> <Username>dcs_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>dcs_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>ei_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>ei_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/ei_join_user/password</HashedPassword> <Title/> <Username>ei_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>ei_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>eme_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>eme_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/eme_join_user/password</HashedPassword> <Title/> <Username>eme_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>eme_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>mhub_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>mhub_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/mhub_join_user/password</HashedPassword> <Title/> <Username>mhub_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>mhub_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>qi_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>qi_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/qi_join_user/password</HashedPassword> <Title/> <Username>qi_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>qi_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>qiadmin_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>qiadmin_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/qiadmin_join_user/password</HashedPassword> <Title/> <Username>qiadmin_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>qiadmin_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>runtime_locator_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>runtime_locator_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/runtime_locator_join_user/password</HashedPassword> <Title/> <Username>runtime_locator_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>runtime_locator_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>sd_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>sd_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/sd_join_user/password</HashedPassword> <Title/> <Username>sd_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>sd_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <AGPrincipal> <SubType>AGUser</SubType> <AGPrincipal>trw_join_user Join User</AGPrincipal> <ManagerSubType/> <Manager/> <PrincipalSubType/> <Principal/> <Description>Ab Initio Application Join User</Description> <EmailAddress/> <ExternalGroupMapping/> <IsEnabled>Y</IsEnabled> <MailStop/> <MobilePhone/> <Name>trw_join_user Join User</Name> <OfficePhone/> <HashedPassword>file=/secrets/trw_join_user/password</HashedPassword> <Title/> <Username>trw_join_user</Username> </AGPrincipal> <!-- Add Join User to Joiner Group --> <AGPrincipalXref> <ChildPrincipalSubType>AGUser</ChildPrincipalSubType> <ChildPrincipal>trw_join_user Join User</ChildPrincipal> <ParentPrincipalSubType>AGGroup</ParentPrincipalSubType> <ParentPrincipal>Ab Initio Joiner Group</ParentPrincipal> <IsManagedByDirectoryService>N</IsManagedByDirectoryService> </AGPrincipalXref> <!-- Add Enhanced Auth Accepted IPs for Joiner Group --> <AGEnhancedAuthPrincipal> <AGEnhancedAuthenticationSubType>AGEnhancedAuthIPAccept</AGEnhancedAuthenticationSubType> <AGEnhancedAuthentication>*.*.*.*</AGEnhancedAuthentication> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Joiner Group</AGPrincipal> </AGEnhancedAuthPrincipal> <AGEnhancedAuthPrincipal> <AGEnhancedAuthenticationSubType>AGEnhancedAuthIPAccept</AGEnhancedAuthenticationSubType> <AGEnhancedAuthentication>*:*:*:*:*:*:*:*</AGEnhancedAuthentication> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Joiner Group</AGPrincipal> </AGEnhancedAuthPrincipal> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>AIC Gateway All Routes Group</AGPrincipal> <AGProductInstance>AIC Gateway</AGProductInstance> <AGProductRole>AIC Gateway All Routes Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>AIC Web Application</AGProductInstance> <AGProductRole>ROLE_AI_CENTRAL_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Cafe</AGProductInstance> <AGProductRole>USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Cafe</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Control>Center</AGProductInstance> <AGProductRole>ROLE_OP_ANALYST</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Data Catalog Services</AGProductInstance> <AGProductRole>ROLE_DC_PHYS_DATASET_EDITOR</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99997</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99998</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Express>It</AGProductInstance> <AGProductRole>AB_APPCONF_EDITOR</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Editor Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Editor Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Joiner Group</AGPrincipal> <AGProductInstance>Authorization Gateway</AGProductInstance> <AGProductRole>Product Interoperability Ticket Requester Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Joiner Group</AGPrincipal> <AGProductInstance>Authorization Gateway</AGProductInstance> <AGProductRole>Editor Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>AIC Web Application</AGProductInstance> <AGProductRole>ROLE_AI_CENTRAL_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Cafe</AGProductInstance> <AGProductRole>USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Cafe</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Control>Center</AGProductInstance> <AGProductRole>ROLE_OP_ANALYST</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Data Catalog Services</AGProductInstance> <AGProductRole>ROLE_DC_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99997</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Express>It</AGProductInstance> <AGProductRole>AB_APPCONF_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Query>It Administrator</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>User Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>TRW</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio User Group</AGPrincipal> <AGProductInstance>Query>It</AGProductInstance> <AGProductRole>qi_instance_user</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>MetadataHub Utility Users</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Entity API Save Options Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>MetadataHub Utility Users</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Product Interoperability Trust Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>MetadataHub Utility Users</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Approver Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>MetadataHub Utility Users</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Importer Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Data Catalog Utility Users</AGPrincipal> <AGProductInstance>Data Catalog Services</AGProductInstance> <AGProductRole>ROLE_DC_ADMIN</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Data Catalog Utility Users</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>User Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Data Catalog Utility Users</AGPrincipal> <AGProductInstance>Query>It</AGProductInstance> <AGProductRole>qi_instance_superuser</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Data Catalog Utility Users</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99998</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Product Interoperability Ticket Requester Group</AGPrincipal> <AGProductInstance>Authorization Gateway</AGProductInstance> <AGProductRole>Product Interoperability Ticket Requester Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Product Interoperability Ticket Requester Group</AGPrincipal> <AGProductInstance>Authorization Gateway</AGProductInstance> <AGProductRole>Editor Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Authorization Gateway</AGProductInstance> <AGProductRole>Administrator Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Cafe</AGProductInstance> <AGProductRole>ADMIN</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Control>Center</AGProductInstance> <AGProductRole>ROLE_OP_ADMIN</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Data Catalog Services</AGProductInstance> <AGProductRole>ROLE_DC_ADMIN</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99997</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99998</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Express>It</AGProductInstance> <AGProductRole>AB_APPCONF_ADMINISTRATOR</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Query>It Administrator</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Administrator Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Approver Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Data Quality View Records with Issues Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>DiscoveryOperatorRole</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>DiscoveryAdministratorRole</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Entity API Save Options Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>MDP Administrator Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Version Tag Configurer Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Version Tag Editor Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Metadata Hub</AGProductInstance> <AGProductRole>Version Tag Promoter Role</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>TRW</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Query>It</AGProductInstance> <AGProductRole>qi_instance_administrator</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>Query>It</AGProductInstance> <AGProductRole>qi_instance_superuser</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>AIC Web Application</AGProductInstance> <AGProductRole>ROLE_AI_CENTRAL_ADMIN</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>Ab Initio Administrator Group</AGPrincipal> <AGProductInstance>AIC Web Application</AGProductInstance> <AGProductRole>ROLE_AI_CENTRAL_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>GDE Users</AGPrincipal> <AGProductInstance>EMETR</AGProductInstance> <AGProductRole>99997</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>GDE Users</AGPrincipal> <AGProductInstance>TRW</AGProductInstance> <AGProductRole>ROLE_AUTHENTICATED_USER</AGProductRole> </AGPrincipalRole> <AGPrincipalRole> <AGPrincipalSubType>AGGroup</AGPrincipalSubType> <AGPrincipal>GDE Users</AGPrincipal> <AGProductInstance>Runtime Locator (Bridge)</AGProductInstance> <AGProductRole>GDE-User-Role</AGProductRole> </AGPrincipalRole> </Entities> </initial> </config> kind: ConfigMap metadata: labels: abinitio/deployment: authgateway app.kubernetes.io/instance: authgateway app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authgateway app.kubernetes.io/part-of: AbInitio app.kubernetes.io/version: 4.4.1 helm.sh/chart: authgateway-2.4.3-a name: authgateway-external-config namespace: abinitio