Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:codeable_permission [2019/05/20 08:52]
fiserp proofreading
tutorial:adm:codeable_permission [2019/05/20 09:01] (current)
fiserp proofreading
Line 46: Line 46:
  
 ===== Define evaluator with restriction for access to one certification authority ===== ===== Define evaluator with restriction for access to one certification authority =====
-This tutorial is similar to the first one. Instead of an identity, we grant user a permission to work with some certificate authority.+This tutorial is similar to the first one. Instead of an identity, we grant user a permission to work with some certificate authority. ​For example, this restriction can be used for adding permissions to request certificates only from particular certificate authority authority. If you have multiple CAs defined, you can create one role for each of your CAs an then assign those roles to users as necessary. 
 ==== Step 1. - Get code of certification authority ==== ==== Step 1. - Get code of certification authority ====
-In first step we must get code of certification authority.+Get the **code** of certification authority.
  
-<note important>​Code ​as identifier ​can be used from version ​1.3.0 crt module. ​For lower version you must use ID (UUID) of certification authorityID can be found in webrowser ​URL.</​note>​+<note important>​**Code** can be used in 1.3.0 (and later) version of crt module. ​If you use lower version ​of crt module, ​you have to use UUID as an identifierUUID can be found in browser ​URL when you open the certificate authority detail page.</​note>​
  
 {{ :​tutorial:​adm:​eval010.png |}} {{ :​tutorial:​adm:​eval010.png |}}
  
 ==== Step 2. - Create codeable evaluator for role ==== ==== Step 2. - Create codeable evaluator for role ====
-For next step must exists ​role. For this role will be created ​new evaluator. If you don'​t ​have role please ​create ​one. For this role go to submenu **Permission** and then add new evaluator by button ​**Add**.+For this step you have to have a role created ​(if you do not have such a rolecreate ​it). We will now hook an evaluator to the role. For thisgo to role'​s ​submenu **Permission** and then add new evaluator by clicking the **Add** ​button.
  
 {{ :​tutorial:​adm:​eval011.png |}} {{ :​tutorial:​adm:​eval011.png |}}
  
 ==== Step 3. - Define new evaluator ==== ==== Step 3. - Define new evaluator ====
-On modal window select ​entity ​type as **CrtAuthority**. Evaluator type select ​**CodeableEvaluator** ​and then will be shown evaluator configuration with one option **identifier**. ​Into identifier can be put uuid or code of certification ​authority.+On modal windowselect
 +  * Entity ​type**CrtAuthority**. 
 +  * Evaluator type**CodeableEvaluator**
 + 
 +Application ​will display an evaluator configuration ​dialog ​with one option ​marked ​**identifier**. ​Fill in the identificator ​of certificate ​authority.
  
 {{ :​tutorial:​adm:​eval012.png |}} {{ :​tutorial:​adm:​eval012.png |}}
  
-And after save new evaluator ​will be shown in evaluators ​table:+Save new evaluator. If everything is ok, you can see it in the list of existing ​evaluators.
  
 {{ :​tutorial:​adm:​eval013.png |}} {{ :​tutorial:​adm:​eval013.png |}}
  
 ==== Step 4. - Add role to user ==== ==== Step 4. - Add role to user ====
-Add newly create ​role with new evaluator ​to user. This user will obtain a new permission. This permission allow made defined operation/​s ​in evaluator.+Add role to some user. This user will now obtain a permission ​to work with particular certificate authority (determined by CA identification ​in the evaluator).
  
 {{ :​tutorial:​adm:​roleadd02.png |}} {{ :​tutorial:​adm:​roleadd02.png |}}
Line 77: Line 82:
  
 ==== Step 5. - Result ==== ==== Step 5. - Result ====
-After this role will be added to user. User will saw only this certification authority.+Final result - user can see only the certification authority ​you want him to see.
  
 {{ :​tutorial:​adm:​eval014.png |}} {{ :​tutorial:​adm:​eval014.png |}}
- 
-This restriction of certification authority can be used for add permission for request certificates only by one authority.