
Example Role-centric PEP

Role-centric Enforcement Point

Use case example

We want to define a policy that restricts access to the Soffid console Roles page (Main Menu > Administration > Resources > Roles).

Users whose primary group is "enterprise" (from this point forward: end-users) are limited in the actions they can perform on the Roles page of the Soffid console:

  1. End-users can query the information of any role.
  2. End-users can update roles only in the information system "ERP RRHH".
  3. End-users cannot create any role.
  4. End-users cannot delete any role.

XACML Editor

Policy set

First of all, we define a policy set. Its target is the subject: in this case, users whose primary group is "enterprise".

[Screenshot: policy set target (subject)]

Inside the policy set we then define a policy that governs the different actions the end-users can perform.

[Screenshot: policy inside the policy set]

Policy

The policy adds no further restriction on the subject (the policy set already selects the end-users); its target is the role resource, so this policy protects roles.

[Screenshot: policy target (role resource)]

Rules

The policy has four rules, one for each action the end-users can attempt on a role: query, update, create and delete.

[Screenshots: the four rules (query, update, create, delete)]
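The policy set, policy and four rules described above, written out as a XACML 3.0 document. This is an added illustration for this page and is not the downloadable policy-TestRoleCentricPEP.xml nor code generated by the Soffid XACML editor. The attribute ids `urn:example:soffid:subject:primary-group` and `urn:example:soffid:resource:information-system`, the resource-id value `role` and the action-id values `query`, `update`, `create` and `delete` are assumptions; the real identifiers are whatever the Soffid PEP sends in the request context. Everything else (categories, functions, combining algorithms) is standard XACML 3.0.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration for this page, written by hand; it is NOT the downloadable
     policy-TestRoleCentricPEP.xml. Assumptions (not taken from the page): the attribute ids
     urn:example:soffid:subject:primary-group and urn:example:soffid:resource:information-system,
     the resource-id value "role", and the action-id values query/update/create/delete. -->
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
    PolicySetId="urn:example:soffid:policyset:enterprise-users" Version="1.0"
    PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
  <Description>Restrictions for users whose primary group is "enterprise"</Description>

  <!-- Policy set target = the subject. MustBePresent="true": a request without a primary
       group evaluates to Indeterminate, which deny-unless-permit turns into Deny. -->
  <Target><AnyOf><AllOf>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">enterprise</AttributeValue>
      <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
          AttributeId="urn:example:soffid:subject:primary-group"
          DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
    </Match>
  </AllOf></AnyOf></Target>

  <!-- Policy target = the role resource; no further subject restriction. -->
  <Policy PolicyId="urn:example:soffid:policy:roles" Version="1.0"
      RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">role</AttributeValue>
        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
            DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </Match>
    </AllOf></AnyOf></Target>

    <!-- Rule 1: query any role -->
    <Rule RuleId="permit-query" Effect="Permit">
      <Target><AnyOf><AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">query</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf></AnyOf></Target>
    </Rule>

    <!-- Rule 2: update only roles of "ERP RRHH". Two Match elements inside one AllOf are ANDed;
         an update on any other information system matches no Permit rule and is denied. -->
    <Rule RuleId="permit-update-erp-rrhh" Effect="Permit">
      <Target><AnyOf><AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">update</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ERP RRHH</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              AttributeId="urn:example:soffid:resource:information-system"
              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf></AnyOf></Target>
    </Rule>

    <!-- Rules 3 and 4: explicit Deny for create and delete. Redundant under deny-unless-permit,
         but they record the intent and still apply if the rule-combining algorithm is later
         changed to one that returns NotApplicable for unmatched requests. -->
    <Rule RuleId="deny-create" Effect="Deny">
      <Target><AnyOf><AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf></AnyOf></Target>
    </Rule>
    <Rule RuleId="deny-delete" Effect="Deny">
      <Target><AnyOf><AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf></AnyOf></Target>
    </Rule>
  </Policy>
</PolicySet>
```

The combining algorithm is the security-relevant choice here. With `deny-unless-permit` at both levels, an end-user's request that matches no Permit rule (for example an update on a role of a different information system, or a request missing the primary-group attribute) is answered with Deny rather than NotApplicable or Indeterminate. That matters because the XACML 3.0 core specification leaves it to the PEP whether NotApplicable is treated as a denial (deny-biased PEP) or as permission (permit-biased PEP); closing the gap in the policy means the outcome does not depend on how the PEP in the next section is configured. If you prefer `permit-overrides` or `first-applicable`, keep the explicit Deny rules and confirm that the PEP is deny-biased.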

Download XML

You can download an XML file with the complete example: policy-TestRoleCentricPEP.xml

Configure PEP

[Screenshot: PEP configuration]