Create evaluator with restrictions on one entity
A codeable evaluator is useful for restricting a permission to one selected entity. For example, you can let a user see only one other user, identified by username or uuid, or restrict a user to seeing only one role, identified by code or uuid.
This tutorial describes how an admin creates a new evaluator that allows seeing only one specific entity.
Define evaluator with restriction for one identity (user)
This section describes how to create an evaluator that restricts the permission to see only one identity (user).
Step 1. - Get username of user
Step 2. - Create codeable evaluator for role
The next step requires an existing role, for which the new evaluator will be created. If you don't have a role, create one. For this role, go to the submenu Permission and add a new evaluator with the Add button.
Step 3. - Define new evaluator
In the modal window, select IdmIdentity as the entity type and CodeableEvaluator as the evaluator type. The evaluator configuration is then shown with one option, identifier. The identifier can be a uuid or a username.
After saving, the new evaluator is shown in the evaluators table:
Step 4. - Add role to user
Add the newly created role with the new evaluator to the user. The user obtains a new permission, which allows the operation(s) defined in the evaluator.
Step 5. - Result
Define evaluator with restriction for access to one certification authority
Step 1. - Get code of certification authority
In the first step, we must get the code of the certification authority.
Step 2. - Create codeable evaluator for role
The next step requires an existing role, for which the new evaluator will be created. If you don't have a role, create one. For this role, go to the submenu Permission and add a new evaluator with the Add button.
Step 3. - Define new evaluator
In the modal window, select CrtAuthority as the entity type and CodeableEvaluator as the evaluator type. The evaluator configuration is then shown with one option, identifier. The identifier can be a uuid or the code of the certification authority.
After saving, the new evaluator is shown in the evaluators table:
Step 4. - Add role to user
Add the newly created role with the new evaluator to the user. The user obtains a new permission, which allows the operation(s) defined in the evaluator.