# Example Web PEP

## Web Policy Enforcement Point

### Use case example

We want to define a policy to restrict access to some pages of the Soffid console.

The users who are assigned to the SOFFID\_RRHH role (from this point forward: end-users) will have limitations to access to some Soffid console pages:

1. The end-users who belong to the "enterprise" group as primary group, could not access to the groups page.
2. The end-users could not access to role page.
3. En other cases permit access.

### XACML Editor

#### Policy set

First of all, we define a policy set.

[![image-1628237637437.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628237637437.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628237637437.png)

#### Policy

Then, we can define a policy to manage the access. We need to define the subject, in that case users with SOFFID\_RRHH role assigned.

Also, we can define a variable that contains the group name to establish the restrictions.

[![image-1628237773318.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628237773318.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628237773318.png)

#### Rule 1

> The end-users who belong to the "enterprise" group as primary group, could not access to the groups page.

[![image-1628238106719.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628238106719.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628238106719.png)

#### Rule 2

> The end-users could not access to role page.

[![image-1628238134714.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628238134714.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628238134714.png)

#### Rule 3

> En other cases permit access.

[![image-1628238162313.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628238162313.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628238162313.png)

### Download XML

<p class="callout info">You can download a XML file with the example: [policy-TestWebPEP.xml](https://bookstack.soffid.com/attachments/22)</p>

## Configure PEP

[![image-1628235091281.png](https://bookstack.soffid.com/uploads/images/gallery/2021-08/scaled-1680-/image-1628235091281.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-08/image-1628235091281.png)