Table Of Contents

Previous topic

6.4. LDAPServer

Next topic

6.6. HostResolver

6.5. UserList

The UserList implements checking whether a user name matches the given User List policy. Note that the match is case sensitive.

6.5.1. Configuration example

[user_list]
# Name of the User List policy configured in SPS (Policies -> User Lists)
; name = <user-list-policy-name>

6.5.1.1. Checking whether a user name matches a User List

In this example we’ll use the following configuration to check User List membership of user ‘administrator’

[user_list]
# Name of the User List policy configured in SPS (Policies -> User Lists)
name = my_user_list_policy

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import UserList

class Plugin:
   def __init__(self, configuration):
       self.__config = PluginConfiguration(configuration)
       self.__user_list = UserList.from_config(self.__config)
       is_matched = self.__user_list.check_user('administrator')
class safeguard.sessions.plugin.user_list.UserList(users, default)

The UserList represents access to the User List policy in SPS.

Do not instantiate UserList service with its constructor, rather use the from_config() method.

Parameters:
  • users (list) – a list of user names, corresponding to the except list in the policy
  • default – ‘all_users’ or ‘no_user’, corresponding to the allow setting in the policy
classmethod from_config(plugin_configuration, section='user_list', name=None)

The from_config() method creates a UserList instance from the given plugin configuration.

Parameters:
  • plugin_configuration (PluginConfiguration) – plugin configuration object
  • section (str) – name of the configuration section where the User List policy name is found
  • name (str) – name of the User List policy
Returns:

UserList
Raises:

RequiredConfigurationSettingNotFound if there is no such section or “name” option in the section defined in the configuration.
Raises:

LocalUserListNotFound if the given User List policy is not found.
check_user(username)

The check_user() will match the user name against a User List policy that contains an “allow” and “except” configuration option. The returned value is True in two cases:

  1. the “allow” option equals no_user and the user name is in the “except” list (whitelist case)
  2. the “allow” option equals all_users and the user name is not in the “except” list (blacklist case)

otherwise the return value is False.

Note: the check in the “except” list is case sensitive.

Parameters:username (str) – the user name to check
Returns:bool

6.5.2. Exceptions

exception safeguard.sessions.plugin.user_list_exceptions.LocalUserListNotFound(user_list_name)

The LocalUserListNotFound exception is raised when the configured local user list cannot be found.