Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Last revision Both sides next revision | ||
tutorial:adm:codeable_permission [2019/05/02 05:12] kopro created |
tutorial:adm:codeable_permission [2019/05/20 08:52] fiserp proofreading |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Create evaluator with restrictions on one entity ===== | ====== Create evaluator with restrictions on one entity ===== | ||
- | {{tag> evaluator evaluators restrictions restrict codeable }} | ||
- | Codeable | + | {{tag> |
- | In this tutorial | + | Codeable evaluator |
+ | |||
+ | This tutorial describes how admin can create a new evaluator | ||
===== Define evaluator with restriction for one identity (user) ===== | ===== Define evaluator with restriction for one identity (user) ===== | ||
- | There is describes how to create evaluator that restrict | + | This section |
==== Step 1. - Get username of user ==== | ==== Step 1. - Get username of user ==== | ||
Line 15: | Line 16: | ||
==== Step 2. - Create codeable evaluator for role ==== | ==== Step 2. - Create codeable evaluator for role ==== | ||
- | For next step must exists | + | For this step a role must exist so we can hook a new evaluator |
{{ : | {{ : | ||
==== Step 3. - Define new evaluator ==== | ==== Step 3. - Define new evaluator ==== | ||
- | On modal window select | + | On a modal window, select: |
+ | * Entity | ||
+ | * Evaluator type: **CodeableEvaluator** | ||
+ | |||
+ | Then, application | ||
{{ : | {{ : | ||
- | And after save new evaluatore will be shown in evaluators | + | Save the new evaluator. If the action was successful, you can verify new evaluator |
+ | |||
+ | {{ : | ||
- | {{ : | ||
==== Step 4. - Add role to user ==== | ==== Step 4. - Add role to user ==== | ||
- | After this role will be added to user. User will saw identity with username john.doe in all identities. | + | Choose some other user (the user you want to give the permission to) and add him the role you configured. This user now obtains a new permission as defined in the evaluator. |
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
+ | ==== Step 5. - Result ==== | ||
+ | Final result. We assigned a role to the **richard.roe**. This user now can see the **john.doe** identity in IdM. | ||
{{ : | {{ : | ||
===== Define evaluator with restriction for access to one certification authority ===== | ===== Define evaluator with restriction for access to one certification authority ===== | ||
+ | This tutorial is similar to the first one. Instead of an identity, we grant user a permission to work with some certificate authority. | ||
==== Step 1. - Get code of certification authority ==== | ==== Step 1. - Get code of certification authority ==== | ||
In first step we must get code of certification authority. | In first step we must get code of certification authority. | ||
Line 52: | Line 64: | ||
{{ : | {{ : | ||
- | And after save new evaluatore | + | And after save new evaluator |
{{ : | {{ : | ||
==== Step 4. - Add role to user ==== | ==== Step 4. - Add role to user ==== | ||
+ | Add newly create role with new evaluator to user. This user will obtain a new permission. This permission allow made defined operation/s in evaluator. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | |||
+ | ==== Step 5. - Result ==== | ||
After this role will be added to user. User will saw only this certification authority. | After this role will be added to user. User will saw only this certification authority. | ||