Example Web PEP

Web Policy Enforcement Point

Use case example

We want to define a policy to restrict access to some pages of the Soffid console.

The users who are assigned the SOFFID_RRHH role (from this point forward: end-users) will have limited access to some Soffid console pages:

  1. End-users whose primary group is "enterprise" cannot access the groups page.
  2. End-users cannot access the role page.
  3. In all other cases, access is permitted.

XACML Editor

Policy set

First of all, we define a policy set. 


Policy

Then we define a policy to manage the access. We need to define the subject: in this case, users with the SOFFID_RRHH role assigned.

We can also define a variable that contains the group name used to establish the restrictions.


Rule 1

End-users whose primary group is "enterprise" cannot access the groups page.


Rule 2

End-users cannot access the role page.


Rule 3

In all other cases, access is permitted.

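The following is an added example, not Soffid's code and not the contents of policy-TestWebPEP.xml: a small Python model of the policy target and the three rules above, useful for checking the expected decision for a request before testing it in the console. It assumes the rules are combined first-applicable in the order listed; the page identifiers and the "it" group are hypothetical placeholders.

```python
from dataclasses import dataclass

# Hypothetical page identifiers; the real console URLs are not given on this page.
GROUPS_PAGE = "groups-page"
ROLE_PAGE = "role-page"
RESTRICTED_GROUP = "enterprise"  # models the policy variable holding the group name

@dataclass(frozen=True)
class Request:
    roles: frozenset
    primary_group: str
    page: str

def policy_applies(req):
    """Policy target: only subjects with the SOFFID_RRHH role are in scope."""
    return "SOFFID_RRHH" in req.roles

# Ordered rules as (name, condition, effect), mirroring Rule 1 to Rule 3.
RULES = [
    ("Rule 1",
     lambda r: r.page == GROUPS_PAGE and r.primary_group == RESTRICTED_GROUP,
     "Deny"),
    ("Rule 2", lambda r: r.page == ROLE_PAGE, "Deny"),
    ("Rule 3", lambda r: True, "Permit"),  # catch-all
]

def evaluate(req, rules=RULES):
    """Return (decision, rule name). First-applicable combining is an assumption."""
    if not policy_applies(req):
        # Out of scope: this policy says nothing about the request.
        return ("NotApplicable", None)
    for name, condition, effect in rules:
        if condition(req):
            return (effect, name)
    return ("NotApplicable", None)

if __name__ == "__main__":
    rrhh = frozenset({"SOFFID_RRHH"})
    # Constructed sample requests.
    samples = [
        Request(rrhh, "enterprise", GROUPS_PAGE),
        Request(rrhh, "it", GROUPS_PAGE),
        Request(rrhh, "it", ROLE_PAGE),
        Request(frozenset(), "enterprise", GROUPS_PAGE),
    ]
    for s in samples:
        print(s.primary_group, s.page, "->", evaluate(s))
```

Under this assumption the catch-all Rule 3 must stay last: if it is evaluated first, it matches every in-scope request and the two Deny rules never take effect.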

Download XML

You can download an XML file with the example: policy-TestWebPEP.xml

Configure PEP

Revision #14
Created 3 August 2021 10:14:37 by pgarcia@soffid.com
Updated 6 August 2021 09:25:00 by pgarcia@soffid.com