Admin access role

In this example, we will define a role that grants users access to the following menu options in the webconsole:

  • User administration
  • Provisioning
  • Audit log viewer

To implement the above, we will follow the high-level steps described below:

  1. Create a role
  2. Assign the appropriate menus to the role
  3. Assign the role to one or more users

Assign menus to a role

Since steps 1 and 3 have been defined elsewhere, this section will focus on assigning menus to a role to achieve the objectives above.

--

Define Access Roles

As indicated above, menus can be associated with roles to define access into both the Webconsole and Selfservice portal in a consistent way. The two examples below will describe how to define:

  • Admin access, where access to select parts of the webconsole is required.
  • End user access, where access to select parts of the self-service portal is required.

Special step for Webconsole menu access

Access to Webconsole menus requires a special authorization step, because the actions performed in the Webconsole, and even the data shown on its pages, are security sensitive.

To allow members of a role (or group) to access the Webconsole, you must link the role (or group) to the resource behind each of two URI patterns: /webconsole/rest/api/* and /webconsole/*

How to do it:

  1. Go to Webconsole -> Access Control -> Content providers and choose the content provider for which you want to grant access to the role (or group) members.
  2. In the list of URI patterns, find /webconsole/rest/api/* and click the pencil icon.
  3. At the top of the page, find Linked to Resource and click the provided link. You will be redirected to the page of the resource.
  4. Go to the Entitlements page and add the target role (or group) as a member of the resource.
  5. Repeat the same steps for the URI pattern /webconsole/*

Take into account that the authorization service uses a cache, and it can take from 5 to 15 min for the cache to refresh. In other words, the role (or group) will start providing access to the Webconsole within that time.