This topic contains 3 replies, has 3 voices, and was last updated by  paresh1983 3 months, 1 week ago.

  • #18521
     jtsheke 
    Participant

    Hi,
    I added a new role and set permission on access.js but still getting
    FAILED","403","{""code"":403,""reason"":""Forbidden"",""message"":""Access denied""}

    Here is my access.js config (let's say the role name is nomrole)

    {
        "pattern" : "*",
        "roles" : "nomrole",
        "methods" : "*",
        "actions" : "*"
    }

    Did anyone create a new role and set it to normal users? How to set permissions?

    Thanks a lot.

    #18790
     Jake Feasel 
    Moderator

    You have to use the role _id, not the role name, when declaring them in access.js.

    #18841
     jtsheke 
    Participant

    Thanks a lot Jake,

    that's what I did and it worked, but I forgot to mention it here. I hope the documentation will be updated accordingly in the future.
    Thanks again.

    #23130
     paresh1983 
    Participant

    I created a new role called "TestRole" and changed access.js to mention the corresponding _id value as shown below (after openidm-admin). I also assigned the role to the required managed user. When I try to access the https://<idmURL>/admin URL with that managed user, I get unauthorized access. Is this supposed to work this way?

    My ultimate goal is to assign only certain privileges to a role. For example, that role should be able to perform password resets, user updates, etc.

    ----- Snippet from access.js -----
    // openidm-admin can request nearly anything (except query expressions on repo endpoints)
    {
        "pattern" : "*",
        "roles" : "openidm-admin,3deed6e6-aea5-4c2d-902b-961063232e4a",
        "methods" : "*", // default to all methods allowed
        "actions" : "*", // default to all actions allowed
        "customAuthz" : "disallowQueryExpression()",
        "excludePatterns": "repo,repo/*"
    },

    Thanks,
    Paresh
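
Added example (not part of any post in this thread and not ForgeRock code): a small Node.js check for the point in Jake Feasel's answer and for the snippet in the last post. It flags rules that reference a managed role by name instead of by _id, and rules that give a custom role the `*` pattern; `managedRoles`, `internalRoles`, `lintAccessRoles` and the _id shown for nomrole are assumptions made for the example.

```javascript
// Added example: lint access.js-style rules for role references.
// Constructed sample data: the _id given to "nomrole" is made up.
const managedRoles = [
  { _id: "3deed6e6-aea5-4c2d-902b-961063232e4a", name: "TestRole" },
  { _id: "00000000-0000-0000-0000-000000000001", name: "nomrole" },
];
// Built-in roles referenced by name (only openidm-admin appears in the thread).
const internalRoles = new Set(["openidm-admin"]);

// The two rules posted in the thread.
const sampleConfigs = [
  { pattern: "*", roles: "nomrole", methods: "*", actions: "*" },
  { pattern: "*", roles: "openidm-admin,3deed6e6-aea5-4c2d-902b-961063232e4a",
    methods: "*", actions: "*",
    customAuthz: "disallowQueryExpression()", excludePatterns: "repo,repo/*" },
];

function lintAccessRoles(configs, roles, builtIn) {
  const byId = new Map(roles.map((r) => [r._id, r]));
  const byName = new Map(roles.map((r) => [r.name, r]));
  const findings = [];
  configs.forEach((rule, index) => {
    const refs = String(rule.roles || "").split(",").map((s) => s.trim()).filter(Boolean);
    for (const ref of refs) {
      // Assumption: a literal "*" means "any role" and is not a role reference.
      if (ref === "*" || builtIn.has(ref)) continue;
      if (byId.has(ref)) {
        // Correct reference; still report a custom role given every endpoint.
        if (rule.pattern === "*") {
          findings.push({ index, ref, issue: "wildcard-grant", role: byId.get(ref).name });
        }
      } else if (byName.has(ref)) {
        // Role name used where the _id is required (the 403 case in the thread).
        findings.push({ index, ref, issue: "name-not-id", useInstead: byName.get(ref)._id });
      } else {
        findings.push({ index, ref, issue: "unknown-role" });
      }
    }
  });
  return findings;
}

for (const f of lintAccessRoles(sampleConfigs, managedRoles, internalRoles)) {
  console.log(`rule ${f.index}: ${f.issue} (${f.ref})`);
}
```

The `wildcard-grant` finding is advisory: the reference itself is valid, but the rule gives the custom role the same reach as openidm-admin, which is the opposite of a role limited to password resets and user updates.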


©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
