Create evaluator with restrictions on one entity
The codeable evaluator is useful for restricting privileges to one selected entity. For example, you can allow a user to see only one other user (identified by username or UUID), or to see only one role (identified by code or UUID).
This tutorial describes how an admin can create a new evaluator to achieve that.
Define evaluator with restriction for one identity (user)
This section describes how to create an evaluator that restricts a permission so that only one identity (user) is visible.
Step 1. - Get username of user
Step 2. - Create codeable evaluator for role
For this step a role must exist so that we can attach the new evaluator to it. If you don't have such a role, please create one. Once you have a role, go to its Permission submenu and add a new evaluator with the Add button.
Step 3. - Define new evaluator
In the modal window, select:
- Entity type: IdmIdentity
- Evaluator type: CodeableEvaluator
The application then displays an evaluator configuration dialog with one option labeled identifier. Put the UUID or username of a user (identity) into this field.
Save the new evaluator. If the action was successful, you can verify the new evaluator in the list of active evaluators.
Step 4. - Add role to user
Choose some other user (the user you want to give the permission to) and assign the role you configured to that user. This user now obtains the new permission as defined in the evaluator.
Step 5. - Result
Final result: we assigned the role to richard.roe. This user can now see the john.doe identity in IdM.
Define evaluator with restriction for access to one certification authority
This tutorial is similar to the first one. Instead of an identity, we grant a user permission to work with one certification authority.
Step 1. - Get code of certification authority
In the first step we must get the code of the certification authority.
Step 2. - Create codeable evaluator for role
For the next step a role must exist; the new evaluator will be created for this role. If you don't have a role, please create one. For this role, go to the Permission submenu and add a new evaluator with the Add button.
Step 3. - Define new evaluator
In the modal window, select CrtAuthority as the entity type and CodeableEvaluator as the evaluator type. The evaluator configuration is then shown with one option, identifier. Put the UUID or code of the certification authority into the identifier field.
After saving, the new evaluator is shown in the evaluators table.
Step 4. - Add role to user
Add the newly created role with the new evaluator to a user. This user will obtain a new permission, which allows the operation(s) defined in the evaluator.