Differences
This shows you the differences between two versions of the page.
tutorial:adm:codeable_permission [2019/05/20 08:42] fiserp [Create evaluator with restrictions on one entity] |
tutorial:adm:codeable_permission [2019/05/20 08:52] fiserp proofreading |
||
---|---|---|---|
Line 5: | Line 5: | ||
Codeable evaluator is useful for restricting privileges on selected entity. For example, if you want one user to be able to see only other user (with defined username or uuid), or for restricting that user to see only a role (defined by code or uuid). | Codeable evaluator is useful for restricting privileges on selected entity. For example, if you want one user to be able to see only other user (with defined username or uuid), or for restricting that user to see only a role (defined by code or uuid). | ||
- | This tutorial describes, how admin can create a new evaluator to achieve that. | + | This tutorial describes how admin can create a new evaluator to achieve that. |
===== Define evaluator with restriction for one identity (user) ===== | ===== Define evaluator with restriction for one identity (user) ===== | ||
- | There is describes how to create evaluator that restrict | + | This section |
==== Step 1. - Get username of user ==== | ==== Step 1. - Get username of user ==== | ||
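Review bot: The added sentence at Line 5 still lacks an article: "how admin can create" should read "how an admin can create". The unchanged sentence above it was left out of the proofreading pass, and since it defines what the evaluator restricts, it deserves the same treatment: "to see only other user" and "on selected entity" would read better as "to see only one other user" and "on a selected entity".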
Line 15: | Line 16: | ||
==== Step 2. - Create codeable evaluator for role ==== | ==== Step 2. - Create codeable evaluator for role ==== | ||
- | For next step must exists | + | For this step a role must exist so we can hook a new evaluator |
{{ : | {{ : | ||
==== Step 3. - Define new evaluator ==== | ==== Step 3. - Define new evaluator ==== | ||
- | On modal window select | + | On a modal window, select: |
+ | * Entity | ||
+ | * Evaluator type: **CodeableEvaluator** | ||
+ | |||
+ | Then, application | ||
{{ : | {{ : | ||
- | And after save new evaluator | + | Save the new evaluator. If the action was successful, you can verify |
{{ : | {{ : | ||
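Review bot: In Step 3, "On a modal window, select:" should be "In the modal window, select:", because the reader is already in the dialog opened in the previous step. The line that follows the new list, "Then, application", also drops its article ("Then the application"). Both are small, but this is the step where the reader picks **CodeableEvaluator**, so the wording should be unambiguous.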
Line 29: | Line 34: | ||
==== Step 4. - Add role to user ==== | ==== Step 4. - Add role to user ==== | ||
- | Add newly create | + | Choose some other user (the user you want to give the permission to) and add him the role you configured. This user now obtains |
{{ : | {{ : | ||
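Review bot: In Step 4, "add him the role you configured" is ungrammatical and assumes the user's gender; "assign the configured role to that user" says the same thing. "Choose some other user" could also be tightened to "Choose the user who should receive the permission", which makes the parenthesis unnecessary.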
Line 36: | Line 41: | ||
==== Step 5. - Result ==== | ==== Step 5. - Result ==== | ||
+ | Final result. We assigned a role to the **richard.roe**. This user now can see the **john.doe** identity in IdM. | ||
{{ : | {{ : | ||
===== Define evaluator with restriction for access to one certification authority ===== | ===== Define evaluator with restriction for access to one certification authority ===== | ||
+ | This tutorial is similar to the first one. Instead of an identity, we grant user a permission to work with some certificate authority. | ||
==== Step 1. - Get code of certification authority ==== | ==== Step 1. - Get code of certification authority ==== | ||
In first step we must get code of certification authority. | In first step we must get code of certification authority. |
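Review bot: The sentence added under the second section heading says "certificate authority", while the heading and Step 1 both say "certification authority"; pick one term so readers do not take them for two different entities. In the Step 5 line, "to the **richard.roe**" has a stray article, "we grant user a permission" is missing one ("we grant a user permission"), and the unchanged "In first step we must get code of certification authority." was skipped by this proofreading revision.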