End-user access role
In this example, we will define a role that grants users access to the following menu options in the self-service portal:
- My Approvals (Self-service -> Request approval -> My Approvals)
- Following options under "Manage user"
- Superiors and Subordinates
- Edit User
- Identities
The implement the above, we will follow the high-level steps described below:
- Create a role
- Assign the appropriate menus to the role
- Assign the role to one or more users
Assign menus to a role
Since steps 1 and 3 have been defined elsewhere, this section will focus on assigning menus to a role to achieve the objectives above.
Update the Is Public Flag
By default, each of the top level menus in SELFSERVICE, has the Is Public
flag set to true. This means that every one who has access to the self-service portal, has access to all of the menus. Since our goal is allow only a few of the menus to be accessible, update the Is Public flag in each top level menus to false. Follow the steps below to update the flag:
- In the webconsole, go to
Access Control -> Menus
- Filter on
SELFSERVICE
and click on the actions button for SELFSERVICE - From the Menu tree shown below, right click on the menu that you want to update
- Select
Edit
from the dropdown menu - From the edit menu screen, uncheck the
Is Public
flag. - Click on save in the dialog box followed by clicking on
Save this Menu Tree
OpenIAM maintains cache. You will need to wait up to 15 minutes for these changes to be applied.
For reference, SELFSERVICE contains the following top level menus:
- My Info (Note - removing this option will remove the self-service portal landing page )
- My Applications
- Request Approval
- Access Management
- Self service center
- Report
- User Access
Note: As you work through this process, you may find that there are child menu objects that are also public by default and you need to update these as well.
Associate menus to roles
To add menus to your role:
- Find the role by going to Access Control -> Menus
- Filtering on the role name
- Click on the Actions button to view the role details
- Navigate Find the role that you want to update
- Click on
Menus
from the left side menu - Select the "SELFSERVICE" menu tree
Assign My Approvals
menu to a role
From our objectives above, the first step is to enable the My Approvals menu option under Request Approval
. To do, follow the steps shown below:
- Double click on `My Approvals"
- Save The end result should look like the menu below.