Differences

This shows you the differences between two versions of the page.

tutorial:adm:codeable_permission [2019/05/20 08:42]
fiserp [Create evaluator with restrictions on one entity]
tutorial:adm:codeable_permission [2019/05/20 08:50]
fiserp proofreading
Line 6: Line 6:
  
 This tutorial describes how admin can create a new evaluator to achieve that. This tutorial describes how admin can create a new evaluator to achieve that.
 +
 ===== Define evaluator with restriction for one identity (user) ===== ===== Define evaluator with restriction for one identity (user) =====
-There is describes how to create evaluator that restrict permission to see only one identity (user).+This section describes how to create evaluator that restricts permission to see only one identity (user).
  
 ==== Step 1. - Get username of user ==== ==== Step 1. - Get username of user ====
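Review bot: the new intro sentence still reads ambiguously: "restricts permission to see only one identity" can be taken as removing access rather than granting access scoped to a single identity. Suggest "This section describes how to create an evaluator that grants permission to see only one identity (user)", which also adds the missing article before "evaluator". The context line above it ("how admin can create") has the same missing article and could be fixed in the same pass.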
Line 15: Line 16:
  
 ==== Step 2. - Create codeable evaluator for role ==== ==== Step 2. - Create codeable evaluator for role ====
-For next step must exists role. For this role will be created new evaluator. If you don't have role please create one. For this role go to submenu **Permission** and then add new evaluator by button **Add**.+For this step role must exist so we can hook a new evaluator to this role. If you don't have such a roleplease create one. Once you have a rolego to its submenu **Permission** and then add new evaluator by button **Add**.
 {{ :tutorial:adm:eval001.png |}} {{ :tutorial:adm:eval001.png |}}
  
 ==== Step 3. - Define new evaluator ==== ==== Step 3. - Define new evaluator ====
-On modal window select entity type as **IdmIdentity**. Evaluator type select **CodeableEvaluator** and then will be shown evaluator configuration with one option **identifier**. Into identifier can be put uuid or username.+On modal windowselect
 +  * Entity type**IdmIdentity**. 
 +  * Evaluator type**CodeableEvaluator** 
 + 
 +Then, application will display an evaluator configuration dialog with one option marked **identifier**. Put UUID or username of an user (identiti) into this field.
  
 {{ :tutorial:adm:eval002.png |}} {{ :tutorial:adm:eval002.png |}}
  
-And after save new evaluator will be shown in evaluators table:+Save the new evaluator. If the action was successful, you can verify new evaluator in the list of active evaluators.
  
 {{ :tutorial:adm:eval02.png |}} {{ :tutorial:adm:eval02.png |}}
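Review bot: the added Step 3 text contains the typo "identiti" and "an user" in "Put UUID or username of an user (identiti) into this field"; it should read "a user (identity)". The new lines in Steps 2 and 3 are also missing separators: "roleplease", "rolego", "windowselect", "Entity type**IdmIdentity**" and "Evaluator type**CodeableEvaluator**" need a comma or a colon and a space, and the two bullets should end consistently (only the first has a trailing period). Since the identifier is what scopes the permission to one identity, it is worth saying here that the value entered is the identity to be made visible, not the user who will receive the role.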
Line 29: Line 34:
  
 ==== Step 4. - Add role to user ==== ==== Step 4. - Add role to user ====
-Add newly create role with new evaluator to user. This user will obtain a new permission. This permission allow made defined operation/in evaluator.+Choose some other user (the user you want to give the permission to) and add him the role you configured. This user now obtains a new permission as defined in the evaluator.
  
 {{ :tutorial:adm:roleadd001.png |}} {{ :tutorial:adm:roleadd001.png |}}
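Review bot: "a new permission as defined in the evaluator" in the added Step 4 line refers to something the steps never state: Step 3 lists only the entity type, the evaluator type and the identifier, while Step 5 says the user "can see" the identity. Suggest naming the permission that is granted, either in Step 3 where the evaluator is configured or in this sentence, so a reader can check that nothing broader than read access is being handed out. "add him the role you configured" would also read better as "assign the configured role to that user".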
Line 36: Line 41:
  
 ==== Step 5. - Result ==== ==== Step 5. - Result ====
 +Final result. We assigned a role to the **richard.roe**. This user now can see the **john.doe** identity in IdM.
 {{ :tutorial:adm:eval004.png |}} {{ :tutorial:adm:eval004.png |}}
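Review bot: the added Step 5 line introduces **richard.roe** and **john.doe** without saying which one was entered as the identifier and which one received the role; the other changed lines never name them. Suggest spelling that out, for example "We put john.doe into the identifier field and assigned the role to richard.roe", and dropping the fragment "Final result." (it repeats the heading) and the stray article in "to the **richard.roe**".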
  
  • by fiserp