End-user access role

In this example, we will define a role that grants users access to the following menu options in the self-service portal:

  • My Approvals (Self-service -> Request approval -> My Approvals)
  • Following options under "Manage user"
    • Superiors and Subordinates
    • Edit User
    • Identities

The implement the above, we will follow the high-level steps described below:

  1. Create a role
  2. Assign the appropriate menus to the role
  3. Assign the role to one or more users

Assign menus to a role

Since steps 1 and 3 have been defined elsewhere, this section will focus on assigning menus to a role to achieve the objectives above.

Update the Is Public Flag

By default, each of the top level menus in SELFSERVICE, has the Is Public flag set to true. This means that every one who has access to the self-service portal, has access to all of the menus. Since our goal is allow only a few of the menus to be accessible, update the Is Public flag in each top level menus to false. Follow the steps below to update the flag:

  • In the webconsole, go to Access Control -> Menus
  • Filter on SELFSERVICE and click on the actions button for SELFSERVICE
  • From the Menu tree shown below, right click on the menu that you want to update Self-service menu tress
  • Select Edit from the dropdown menu
  • From the edit menu screen, uncheck the Is Public flag. Edit menu
  • Click on save in the dialog box followed by clicking on Save this Menu Tree

OpenIAM maintains cache. You will need to wait up to 15 minutes for these changes to be applied.

For reference, SELFSERVICE contains the following top level menus:

  • My Info (Note - removing this option will remove the self-service portal landing page )
  • My Applications
  • Request Approval
  • Access Management
  • Self service center
  • Report
  • User Access

Note: As you work through this process, you may find that there are child menu objects that are also public by default and you need to update these as well.

Associate menus to roles

To add menus to your role:

  • Find the role by going to Access Control -> Menus
  • Filtering on the role name
  • Click on the Actions button to view the role details
  • Navigate Find the role that you want to update
  • Click on Menus from the left side menu
  • Select the "SELFSERVICE" menu tree

Role menus

Assign My Approvals menu to a role From our objectives above, the first step is to enable the My Approvals menu option under Request Approval. To do, follow the steps shown below:

  • Double click on `My Approvals"
  • Save The end result should look like the menu below.