Example Role centric PEP
Role centric Enforcement Point
PolicyUse setcase example
We want to define a policy to restrict access to the Soffid console role's page ( > Administration > Resources > Roles).
The users who belong to the "enterprise" group as primary group (from this point forward: end-users) will have limitations to perform some actions on the Soffid console roles page.
- The end-users could query all the roles information.
- The end-users could update any role in the information systems "ERP RRHH"
- The end-users could not create any role.
- The end-users could not delete any role.
XACML Editor
Policy set
First of all, we define a policy set. We need to define the subject, in that case users who belong to "enterprise" as primary group.
ThatThen, we can define a policy setto containmanage onythe onedifferent policy.actions that the end-users could perform.
Policy
The policy will apply to an only one user. That policy will be to protect the role resource.
Rules
The policy has four rules, one for each available action that the users could perform.
Download XML
You can download a XML file with the example: policy-TestRoleCentricPEP.xml
Configure PEP