Example Web PEP

Web Policy Enforcement Point 

 Use case example 

 We want to define a policy to restrict access to some pages of the Soffid console. 

 The users who are assigned to the SOFFID_RRHH role (from this point forward: end-users) will have limitations to access to some Soffid console pages: 

 

 The end-users who belong to the "enterprise" group as primary group, could not access to the groups page. 

 The end-users could not access to role page. 

 En other cases permit access. 

 

 XACML Editor 

 Policy set 

 First of all, we define a policy set.  

 

 Policy 

 Then, we can define a policy to manage the access. We need to define the subject, in that case users with SOFFID_RRHH role assigned. 

 Also, we can define a variable that contains the group name to establish the restrictions. 

 

 Rule 1 

 

 The end-users who belong to the "enterprise" group as primary group, could not access to the groups page. 

 

 

 Rule 2 

 

 The end-users could not access to role page. 

 

 

 Rule 3 

 

 En other cases permit access. 

 

 

 Download XML 

 You can download a XML file with the example: policy-TestWebPEP.xml 

 Configure PEP