Differences
This shows you the differences between two versions of the page.
tutorial:adm:codeable_permission [2019/05/02 05:12] kopro created |
tutorial:adm:codeable_permission [2019/05/20 09:01] fiserp proofreading |
Line 1: | Line 1: | ||
====== Create evaluator with restrictions on one entity ===== | ====== Create evaluator with restrictions on one entity ===== | ||
- | {{tag> evaluator evaluators restrictions restrict codeable }} | ||
- | Codeable | + | {{tag> |
- | In this tutorial | + | Codeable evaluator |
+ | |||
+ | This tutorial describes how admin can create a new evaluator | ||
===== Define evaluator with restriction for one identity (user) ===== | ===== Define evaluator with restriction for one identity (user) ===== | ||
- | There is describes how to create evaluator that restrict | + | This section |
==== Step 1. - Get username of user ==== | ==== Step 1. - Get username of user ==== | ||
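Review bot: The page title on the first line of this hunk still opens with six `=` and closes with five (`====== Create evaluator with restrictions on one entity =====`); a proofreading revision is the natural place to balance the markers. In the added introduction, "how admin can create a new evaluator" is missing an article ("how an admin can create"), and the unchanged Step 1 heading "Get username of user" would read better as "Get the username of the user".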
Line 15: | Line 16: | ||
==== Step 2. - Create codeable evaluator for role ==== | ==== Step 2. - Create codeable evaluator for role ==== | ||
- | For next step must exists | + | For this step a role must exist so we can hook a new evaluator |
{{ : | {{ : | ||
==== Step 3. - Define new evaluator ==== | ==== Step 3. - Define new evaluator ==== | ||
- | On modal window select | + | On a modal window, select: |
+ | * Entity | ||
+ | * Evaluator type: **CodeableEvaluator** | ||
+ | |||
+ | Then, application | ||
{{ : | {{ : | ||
- | And after save new evaluatore will be shown in evaluators | + | Save the new evaluator. If the action was successful, you can verify new evaluator |
+ | |||
+ | {{ : | ||
- | {{ : | ||
==== Step 4. - Add role to user ==== | ==== Step 4. - Add role to user ==== | ||
- | After this role will be added to user. User will saw identity with username john.doe in all identities. | + | Choose some other user (the user you want to give the permission to) and add him the role you configured. This user now obtains a new permission as defined in the evaluator. |
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
+ | ==== Step 5. - Result ==== | ||
+ | Final result. We assigned a role to the **richard.roe**. This user now can see the **john.doe** identity in IdM. | ||
{{ : | {{ : | ||
===== Define evaluator with restriction for access to one certification authority ===== | ===== Define evaluator with restriction for access to one certification authority ===== | ||
+ | This tutorial is similar to the first one. Instead of an identity, we grant user a permission to work with some certificate authority. For example, this restriction can be used for adding permissions to request certificates only from particular certificate authority authority. If you have multiple CAs defined, you can create one role for each of your CAs an then assign those roles to users as necessary. | ||
==== Step 1. - Get code of certification authority ==== | ==== Step 1. - Get code of certification authority ==== | ||
- | In first step we must get code of certification authority. | + | Get the **code** of certification authority. |
- | <note important> | + | <note important> |
{{ : | {{ : | ||
==== Step 2. - Create codeable evaluator for role ==== | ==== Step 2. - Create codeable evaluator for role ==== | ||
- | For next step must exists | + | For this step you have to have a role created |
{{ : | {{ : | ||
==== Step 3. - Define new evaluator ==== | ==== Step 3. - Define new evaluator ==== | ||
- | On modal window select | + | On modal window, select: |
+ | * Entity | ||
+ | * Evaluator type: **CodeableEvaluator**. | ||
+ | |||
+ | Application | ||
{{ : | {{ : | ||
- | And after save new evaluatore will be shown in evaluators | + | Save new evaluator. If everything is ok, you can see it in the list of existing |
{{ : | {{ : | ||
==== Step 4. - Add role to user ==== | ==== Step 4. - Add role to user ==== | ||
- | After this role will be added to user. User will saw only this certification | + | Add a role to some user. This user will now obtain a permission to work with particular certificate |
- | {{ : | + | {{ : |
- | This restriction of certification authority | + | {{ : |
+ | |||
+ | |||
+ | ==== Step 5. - Result ==== | ||
+ | Final result - user can see only the certification | ||
+ | |||
+ | {{ : |
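Review bot: The added introduction to the certification authority section brings in two typos: "only from particular certificate authority authority" repeats a word, and "for each of your CAs an then assign those roles" should read "and then". That paragraph and the new Step 4 text say "certificate authority" while every heading in the section says "certification authority"; use one term throughout. The two Step 3 blocks are also inconsistent: the first says "On a modal window, select:" and the second "On modal window, select:", and only the second "Evaluator type: **CodeableEvaluator**." ends with a period. In the identity section, "add him the role you configured" would read better as "assign them the role you configured", and "to the **richard.roe**" does not need the article. Finally, the Step 5 result for the certification authority says the user can see "only" that authority, while the identity result says only that the user "now can see the **john.doe** identity"; since this page documents a permission grant, state just as explicitly there whether the role exposes that one identity and nothing else.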