IdM UI tasks – manage users UI access control
Here is an easy way to maintain the users UI access(display/edit/create access control).
- Create a custom privilege for the UI Display tasks & UI Edit tasks:
Note: for each UI task(display/edit/create) add the needed privilege.
2. Create a custom job to maintain the users access
- You can use a csv file, based on this file you can grant the needed access(PRIV:ROLE:TestUI_Display/ PRIV:ROLE:TestUI_Edit) to the users
- Then you will have one FromASCII file pass to read the scv file and create a custom table
- Second To Identity Store pass to update the users
Hope you like it 🙂
in your last screenshot the "Identity store" field is empty. I see some trouble coming, when somebody tries your solution and follows it to the T. 😉
Am I the only one, who loves to use business roles for the access control? 😕 I don't use privileges at all.
You are right (sometimes.... I forget that not everything is so obvious, as I think) 🙂
As for the use of BRs instead of privileges, I think this depends on the customer, we have customers that update/delete their BRs often, so I thought that having a distinct privilege responsible only for that is the safest way.
I have business roles just for UI access purposes, so they aren't touched by normal processes as they aren't dependent on org-structure for example. But you're right, in the end the result is the same. I was just wondering, because I've never seen it done with privileges. 🙂
Thank you for the update!
Yes, if you worked some time with IDM and the tabs in jobs and tasks, it is obvious that the IS needs to be filled. But those people probably won't need this blog. ^^
I remember my starting time and back then nothing was obvious to me and I needed all the information and help I could get out of the documentation, because even the error messages aren't that helpful IMO.
In the thought of that, maybe it could be helpful for new IDMers, if you add the build-up of the csv-file and how the source-tab should look for your example? 🙂 But that's just a suggestion.
Yes the result will be the same,but opposite to you 🙂 I have never done it with BRs.
As for the scv-file template and the source select, I will update the blog, so the new members will have better idea how to build it.