Menus

Menus enable access to specific options within the OpenIAM webconsole and SelfService portals. Menus are a type of Resource. As with all resources, Menus can be used in conjunction with Roles and Groups to control the functionality provided to a set of people.

Menus are a tree-like structure. There are two top level menu objects:

  • IDM (webconsole).
  • SelfService. Each of these top level menu objects has a collection of menu-branches under them. These menu-branches are what you see on the menu bar in both the webconsole and SelfService portals. The image below shows the menu-branches available for the webconsole .

Submenus for the Webconsole Subsequently, the image below shows the corresponding menu bar in the webconsole .

Menu bar for the Webconsole Each menu-branch consists of one or more menu-nodes. In the example below, we can see the menu-nodes that make up the User Admin branch. These menu-nodes are what the user sees when they click on an item in the menu bar in either the webconsole or SelfService portals.

Menu bar for the Webconsole

Viewing and navigating the menu hierarchy

To see the menu hierarchy, go to webconsole > Access Control > Menus. Here, you will see a list of all menu-branches used across the application. Some of these menu-branches are used only with a specific section and are not available through the top level menu bar.

To access the top level menus, you can search for either: IDM (webconsole) or SELFSERVICE. Find the required menu and click Actions to see the menu tree.

Menu list

Here, you can see the menu-branches and the related menu-nodes. The example below shows the SELFSERVICE top level menu and its affiliate objects.

Menu tree

Each menu object has a corresponding set of metadata. Metadata includes:

Metadata attributeDescription
IDUnique ID of the menu object
NameName of the menu object
URLURL that will activate when this menu is selected.
Display NameName of the menu as it is shown to end-users. These values can be localized.
IconIcon that will be rendered if this menu objects is shown on the menu bar
RiskRisk classification.
Is PublicPublic indicates that a menu is accessible regardless of entitlement.
Is VisibleAllows a menu to be hidden from all users.
Open in new tabOpen the page (URL) linked to this menu in a new tab in the browser.
User entitled to this menuUsers who are directly entitled to this menu. This option should be reserved for exceptional cases.
Groups entitled to this menuGroups that are entitled to this menu. All users that are part of this group will gain access to this menu.
Roles entitled to this menuRoles that are entitled to this menu. All users that are part of this group will gain access to this menu.

You can view the metadata, as shown below, by clicking on the menu. By clicking a branch of the menu, you can open the MetaData window, shown below. Menu MetaData

Editing a menu

You can edit a menu object by:

  • Right clicking on the menu object
  • Selecting an option from the dropdown. Edit menu

This will allow you to edit the following attributes as shown in the image:

  • Name
  • Localization
  • Icon
  • Public and Visible attributes

Edit menu popup

Viewing menu entitlements

As indicated in the section above, it's possible that users can be entitled to menus either directly or through roles. The sections below describe how you can view entitlements assigned through roles or directly.

View menu entitlements for a User

To see the menus entitled to a particular user, you can follow the steps described below:

  • Find the required user using the various search options available in the webconsole
  • Menus in the left-hand list
  • Select the menu name of interest in the search box; i.e. IDM, SelfService You will be able to see which menus the user is entitled to. Color-coding indicates how this entitlement is assigned; direct, through role, inheritance, etc. The entitlement template is shown below.

User Menu

View menu entitlement associated with a Role

In most cases, access within OpenIAM will be defined through Roles. In this way, we can see the access that is granted through a role using the following steps:

  • Select Access Control > Roles from the menu bar.
  • To see the list menus entitled through a role, select the role from the list.
  • Select Menus from the left menu bar.
  • Select a Menu branch as shown below.

Role menu

By double-clicking the respective branch one can give an explicit access to this menu branch for these Role members, if needed.

Define Access Roles

As indicated above, menus can be associated with roles to define access into both the webconsole and SelfService portal in a consistent way. The two examples below will describe how to define

  • End user access where access to select parts of the SelfService are required.
  • Admin access where access to select part of the webconsole is required.

More answers to questions on menus and how to use them can be found in the FAQ document