Splitting ui-admin role of OpenIDM in ui-configuration

This topic has 2 replies, 3 voices, and was last updated 4 years, 7 months ago by cristianoburgo.

  • Author
    Posts
  • #12221
     sswaroop
    Participant

    Hi,

    I am trying to see if it is possible to separate the ui-admin role for OpenIDM. The requirement is that a user logged into the Admin UI with a custom role (custom-user-admin for example) should see a LIMITED set of options. However, if a user with “openidm-admin” role should still be able to see ALL options.

    I did the following changes to the configuration and I’m able to login to the Admin UI using the custom role.

    conf/ui-configuration.json

    “roles” : {
    “openidm-authorized” : “ui-user”,
    “openidm-admin” : “ui-admin”,
    “custom-user-admin” : “ui-admin”
    },

    script/access.js

    {
    “pattern” : “*”,
    “roles” : “openidm-admin,custom-user-admin”,
    “methods” : “*”, // default to all methods allowed
    “actions” : “*”, // default to all actions allowed
    “customAuthz” : “disallowQueryExpression()”,
    “excludePatterns”: “repo,repo/*”
    }

    ui/admin/default/config/AppConfiguration.js

    “admin” : {
    “role”: “ui-admin”,
    “urls”: {
    “dashboard”: {

    },
    “useradmin”: {
    “name”: “User Admin”,
    “icon”: “fa fa-comment-o”,
    “dropdown”: true,
    “urls” : [
    {
    “url”: “#useradmin/”,
    “name”: “Operation 1”,
    “icon”: “fa fa-cubes”,
    “inactive”: false
    },
    {
    “url”: “#useradmin/”,
    “name”: “Operation 2”,
    “icon”: “fa fa-th”,
    “inactive”: false
    }
    ]
    },
    “configuration”: {
    ….
    ….
    },
    “managed”: {
    ….
    ….
    }
    }
    }

    However, the user can see all the links in the UI (same as openidm-admin), like “configuration” menu and “dashboard” menu. This is because, both the roles (openidm-admin and custom-user-admin) are mapped to “ui-admin”. Is it possible to split the ui-admin role such that “openidm-admin” can see all the urls/menu options and “user-admin” only see a limited set?

    Thanks,

    #16821
     david_plexus
    Participant

    Hi,

    Did you finally split de ui-admin?

    Thx

    • This reply was modified 4 years, 7 months ago by david_plexus.
    #17196
     cristianoburgo
    Participant
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?