Menus
Menus enable access to specific options within the OpenIAM Webconsole and Self-service portals. Menus are a type of Resource. As with all resources, Menus can be used in conjunction with Roles and Groups to control the functionality provided to set of people.
Menus are a tree-like structure. There are two top level menu objects:
- IDM (Webconsole)
- Selfservice Each of these top level menu objects has a collection of menu-branches under them. These menu-branches are what you see on the menubar in both the Webconsole and self-service portals. The image below shows the menu-branches available for the Webconsole.
Subsequently, the image below shows the corresponding menubar in the Webconsole.
Each menu-branch consists of one or more menu-nodes. In the example below, we can see the menu-nodes that make up the "User Admin" branch. These menu-nodes are that the user sees when they click on on item in the menubar in either the Webconsole or self-service portals.
Viewing and Navigating the Menu hierarchy
To see the menu hierarchy, go to Webconsole -> Access Control -> Menus. Here, you will see a list of all menu-branches used across the application. Some of these menu-branches are used only with a specific section and are not available through the top level-menubar.
The access the top level menus, you can search for either: IDM (Webconsole) or SELFSERVICE. Find the required menu and click Actions to see the menu tree.
Here, you can see the menu-branches the related menu-nodes. The example below shows the SELFSERVICE top level menu and its affiliate objected.
Menu Metadata
Each menu object has a corresponding set of metadata. Metadata includes:
| Metadata attribute | Description |
|---|---|
| ID | Unique ID of the menu object |
| Name | Name of the menu object |
| URL | URL that will activated when this menu is selected. |
| Display Name | Name of the menu as it be shown to end-users. This values can be localized. |
| Icon | Icon that will be rendered if this menu objects is shown on the menu bar |
| Risk | Risk classification. |
| Is Public | Public indicates that a menu is accessible regardless of entitlement. |
| Is Visible | Allows a menu to hidden from all users. |
| Open in new tab | Opens the page (URL) linked to this menu in a new tab in the browser. |
| User entitled to this menu | Users who are directly entitled to this menu. This option should be reserved for exceptional cases. |
| Groups entitled to this menu | Groups that are entitled to this menu. All users that are part of this group will gain access to this menu. |
| Roles entitled to this menu | Roles that are entitled to this menu. All users that are part of this group will gain access to this menu. |
You can view the metadata, as shown below, by clicking on the menu.
By clicking a branch of menu, you can open the MetaData window, shown below.
Editing a menu
You can edit a menu object by:
- Right clicking on the menu object
- Selecting an option from the dropdown.
This will allow you to edit the following attributes as shown in the image:
- Name
- Localization
- Icon
- Public and Visible attributes
Viewing menu entitlements
As indicated in the section above, its possible that users can be entitled to menus either directly or through roles. The sections below describe how you can view entitlements assigned through roles or directly.
View menu entitlements for a User
To see the menus entitled to a particular user, you can follow the steps described below:
- Find the required user using the various search options available in the Webconsole
- Menus in the left-hand list
- Select the menu name of interest in the search box; ie. IDM, Self-service You will be able to see which menus the user is entitled to. Color-coding indicates how this entitlement is assigned; direct, through role, inheritance, etc. The entitlement template is shown below.
View menu entitlement associated with a Role
In most case, access within OpenIAM will be defined through Roles. In this way, we can see the access that is granted through a role using the following steps:
- Select
Access Control -> Rolesfrom the menubar - To see the list menus entitled through a role, select the role from the list
- Select
Menusfrom the left menubar - Select a Menu branch as shown in the image below.
By double-clicking the respective branch one can give an explicit access to this menu branch for this Role members, if needed.
Define Access Roles
As indicated above, menus can be associated with roles to define access into both the Webconsole and Self-service portal in a consistent way. The two examples below will describe how to define:
- End user access where access to select parts of the self-service are required
- Admin access where access to select part of the Webconsole are required.