Menus

Menus enable access to specific options within the OpenIAM Webconsole and Self-service portals. Menus are a type of Resource. As with all resources, Menus can be used in conjunction with Roles and Groups to control the functionality provided to set of people.

Menus are a tree-like structure. There are two top level menu objects:

  • IDM (Webconsole)
  • Selfservice Each of these top level menu objects has a collection of menu-branches under them. These menu-branches are what you see on the menubar in both the Webconsole and self-service portals. The image below shows the menu-branches available for the Webconsole.

Submenus for the Webconsole Subsequently, the image below shows the corresponding menubar in the Webconsole.

Menubar for the Webconsole Each menu-branch consists of one or more menu-nodes. In the example below, we can see the menu-nodes that make up the "User Admin" branch. These menu-nodes are that the user sees when they click on on item in the menubar in either the Webconsole or self-service portals.

Menubar for the Webconsole

Viewing and Navigating the Menu hierarchy

To see the menu hierarchy, go to Webconsole -> Access Control -> Menus. Here, you will see a list of all menu-branches used across the application. Some of these menu-branches are used only with a specific section and are not available through the top level-menubar.

The access the top level menus, you can search for either: IDM (Webconsole) or SELFSERVICE. Find the required menu and click Actions to see the menu tree.

Menu list

Here, you can see the menu-branches the related menu-nodes. The example below shows the SELFSERVICE top level menu and its affiliate objected.

Menu tree

Each menu object has a corresponding set of metadata. Metadata includes:

Metadata attributeDescription
IDUnique ID of the menu object
NameName of the menu object
URLURL that will activated when this menu is selected.
Display NameName of the menu as it be shown to end-users. This values can be localized.
IconIcon that will be rendered if this menu objects is shown on the menu bar
RiskRisk classification.
Is PublicPublic indicates that a menu is accessible regardless of entitlement.
Is VisibleAllows a menu to hidden from all users.
Open in new tabOpens the page (URL) linked to this menu in a new tab in the browser.
User entitled to this menuUsers who are directly entitled to this menu. This option should be reserved for exceptional cases.
Groups entitled to this menuGroups that are entitled to this menu. All users that are part of this group will gain access to this menu.
Roles entitled to this menuRoles that are entitled to this menu. All users that are part of this group will gain access to this menu.

You can view the metadata, as shown below, by clicking on the menu. By clicking a branch of menu, you can open the MetaData window, shown below. Menu MetaData

Editing a menu

You can edit a menu object by:

  • Right clicking on the menu object
  • Selecting an option from the dropdown. Edit menu

This will allow you to edit the following attributes as shown in the image:

  • Name
  • Localization
  • Icon
  • Public and Visible attributes

Edit menu popup

Viewing menu entitlements

As indicated in the section above, its possible that users can be entitled to menus either directly or through roles. The sections below describe how you can view entitlements assigned through roles or directly.

View menu entitlements for a User

To see the menus entitled to a particular user, you can follow the steps described below:

  • Find the required user using the various search options available in the Webconsole
  • Menus in the left-hand list
  • Select the menu name of interest in the search box; ie. IDM, Self-service You will be able to see which menus the user is entitled to. Color-coding indicates how this entitlement is assigned; direct, through role, inheritance, etc. The entitlement template is shown below.

User Menu

View menu entitlement associated with a Role

In most case, access within OpenIAM will be defined through Roles. In this way, we can see the access that is granted through a role using the following steps:

  • Select Access Control -> Roles from the menubar
  • To see the list menus entitled through a role, select the role from the list
  • Select Menus from the left menubar
  • Select a Menu branch as shown below.

Role menu

By double-clicking the respective branch one can give an explicit access to this menu branch for this Role members, if needed.

Define Access Roles

As indicated above, menus can be associated with roles to define access into both the Webconsole and Self-service portal in a consistent way. The two examples below will describe how to define:

  • End user access where access to select parts of the self-service are required
  • Admin access where access to select part of the Webconsole are required.