This topic has 3 replies, 2 voices, and was last updated 4 years, 8 months ago by Bill Nelson.

  • Author
  • #20196


    I’m asking me how it is possible to add an third Ui context with a separate URL path to the IDM UI?
    Besides the admin UI (http://host:port/admin/dashboard) and the self-service UI (http://host:port/dashboard), it should be possible to add a third context with a path
    for a third technical user like (http://host:port/techuser/dashboard).

    In which config file are those two standard paths defined?
    How can I add a third UI like the admin UI, but with only read authorization?

    thanks in advance

    • This topic was modified 4 years, 9 months ago by pryton.
    • This topic was modified 4 years, 9 months ago by pryton.
     Bill Nelson

    You are asking two different questions, @pryton.

    1) Can you create a third UI context with a separate URL path – yes.
    2) Can you add a third UI like the admin UI, but with read only AuthZ – yes (but not worth the effort)

    If your end goal is to create a read only admin to the admin UI (or better stated, to admin endpoints), then you don’t need a new Ui context. You simply need to create a new managed role, add your user(s) to that managed role, and then set the appropriate permissions to that role in the access.js file.

    We have created various types of admins (read only, config admins – only modify config, user admins – only modify users, etc.) in this same manner.


    Thanks @bill-nelsonidentityfusion-com,

    what you’ve said is correct but the requirements describe to also alter the Elements of the UI.
    Like less Buttons means less Options to for example not to be able to see the Connectors.

    Where are those Options defined ind the code?

    The reverse engineering brought no result unfortunately.

     Bill Nelson

    I am not aware of any specific functionality that gets to the level you suggest – at least not out of the box. If you need to get down to an object level (i.e. buttons, menu items, form elements, etc.) then you would need to build your own wrappers around each object you are attempting to safeguard. And for that, you might want to just consider building a separate standalone admin console that gives you exactly what you need.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?