Menus
Menus enable access to specific options within the OpenIAM webconsole and SelfService portals. Menus are a type of Resource. As with all resources, Menus can be used in conjunction with Roles and Groups to control the functionality provided to a set of people.
Menus are a tree-like structure. There are two top level menu objects:
- IDM (webconsole).
- SelfService.
Each of these top level menu objects has a collection of menu-branches under it. These menu-branches are what you see on the menu bar in both the webconsole and SelfService portals. The image below shows the menu-branches available for the webconsole.
Subsequently, the image below shows the corresponding menu bar in the webconsole.
Each menu-branch consists of one or more menu-nodes. In the example below, we can see the menu-nodes that make up the User Admin branch. These menu-nodes are what the user sees when they click on an item in the menu bar in either the webconsole or SelfService portals.
Viewing and navigating the menu hierarchy
To see the menu hierarchy, go to webconsole > Access Control > Menus. Here, you will see a list of all menu-branches used across the application. Some of these menu-branches are used only with a specific section and are not available through the top level menu bar.
To access the top level menus, you can search for either IDM (webconsole) or SELFSERVICE. Find the required menu and click Actions to see the menu tree.
Here, you can see the menu-branches and the related menu-nodes. The example below shows the SELFSERVICE top level menu and its affiliated objects.
Menu Metadata
Each menu object has a corresponding set of metadata. Metadata includes:
Metadata attribute | Description |
---|---|
ID | Unique ID of the menu object |
Name | Name of the menu object |
URL | URL that will activate when this menu is selected. |
Display Name | Name of the menu as it is shown to end-users. These values can be localized. |
Icon | Icon that will be rendered if this menu object is shown on the menu bar. |
Risk | Risk classification. |
Is Public | Public indicates that a menu is accessible regardless of entitlement. |
Is Visible | Allows a menu to be hidden from all users. |
Open in new tab | Open the page (URL) linked to this menu in a new tab in the browser. |
User entitled to this menu | Users who are directly entitled to this menu. This option should be reserved for exceptional cases. |
Groups entitled to this menu | Groups that are entitled to this menu. All users that are part of this group will gain access to this menu. |
Roles entitled to this menu | Roles that are entitled to this menu. All users that are part of this role will gain access to this menu. |
You can view the metadata by clicking on the menu. Clicking a branch of the menu opens the MetaData window, shown below.
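
As an added example (not OpenIAM code), the following Python script audits a menu tree for the two attributes the table above treats as exceptions: Is Public and direct user entitlements. The nested-dict layout, the key names and the sample menus are assumptions constructed for illustration, not an OpenIAM export format.

```python
# Added example: audit a menu tree for exception-style metadata.
# The dict layout and key names are assumed, not an OpenIAM export format.

# Constructed sample tree (menu names and users are illustrative only).
SAMPLE_TREE = {
    "name": "SELFSERVICE", "is_public": False, "is_visible": True,
    "users": [], "groups": [], "roles": ["End User"],
    "children": [
        {"name": "MY_INFO", "is_public": True, "is_visible": True,
         "users": [], "groups": [], "roles": [], "children": []},
        {"name": "ACCESS_MGMT", "is_public": False, "is_visible": True,
         "users": ["jsmith"], "groups": ["Helpdesk"], "roles": [],
         "children": [
             {"name": "HIDDEN_REPORT", "is_public": True, "is_visible": False,
              "users": [], "groups": [], "roles": [], "children": []},
         ]},
    ],
}


def audit_menus(node, path=()):
    """Walk the tree depth-first and return (menu path, finding) tuples."""
    here = path + (node["name"],)
    label = " > ".join(here)
    findings = []
    if node.get("is_public"):
        # Is Public: the menu is accessible regardless of entitlement.
        findings.append((label, "public: accessible regardless of entitlement"))
        if not node.get("is_visible", True):
            # Reported for review only: both flags are set on the same menu.
            findings.append((label, "public and hidden (Is Visible off)"))
    for user in node.get("users", []):
        # Direct user entitlements should be reserved for exceptional cases.
        findings.append((label, f"direct user entitlement: {user}"))
    for child in node.get("children", []):
        findings.extend(audit_menus(child, here))
    return findings


if __name__ == "__main__":
    for menu, finding in audit_menus(SAMPLE_TREE):
        print(f"{menu}: {finding}")
```

Each finding carries the full path from the top level menu, so a reviewer can locate the menu-node in the tree view.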
Editing a menu
You can edit a menu object by:
This will allow you to edit the following attributes as shown in the image:
- Name
- Localization
- Icon
- Public and Visible attributes
Viewing menu entitlements
As indicated in the section above, users can be entitled to menus either directly or through roles. The sections below describe how you can view entitlements assigned through roles or directly.
View menu entitlements for a User
To see the menus entitled to a particular user, you can follow the steps described below:
- Find the required user using the various search options available in the webconsole
- Menus in the left-hand list
- Select the menu name of interest in the search box; e.g. IDM, SelfService
You will be able to see which menus the user is entitled to. Color-coding indicates how this entitlement is assigned: direct, through role, inheritance, etc. The entitlement template is shown below.
View menu entitlement associated with a Role
In most cases, access within OpenIAM will be defined through Roles. You can see the access that is granted through a role using the following steps:
- Select Access Control > Roles from the menu bar.
- To see the list of menus entitled through a role, select the role from the list.
- Select Menus from the left menu bar.
- Select a Menu branch as shown below.
By double-clicking the respective branch, you can give the members of this Role explicit access to that menu branch, if needed.
Define Access Roles
As indicated above, menus can be associated with roles to define access into both the webconsole and SelfService portal in a consistent way. The two examples below describe how to define:
- End user access where access to select parts of the SelfService is required.
- Admin access where access to select parts of the webconsole is required.
More answers to questions on menus and how to use them can be found in the FAQ document.