Example Web PEP

Web Policy Enforcement Point

Use case example

We want to define a policy to restrict access to the Soffid console users page (MainMenu > Administration > Resources > Users).

Users who are assigned the SOFFID_RRHH role (from this point forward: end-users) will be limited in the actions they can perform on the Soffid console users page:


The end-users will only be able to query information about users who belong to the same primary group as they do.
The end-users will only be able to update users with the internal user type.
The end-users will not be able to delete any user record.

XACML Editor

Policy set

&&TODO&& Define and review

image-1627985848659.png

Policy

 

image-1627985535274.png

Rules

Deny access to a user to a specific resource

image-1627985433678.png

Permit access to a specific user

image-1627985812268.png

Permit access to other users

image-1627981220287.png

Log

PolicySet TestWebPEP 2: MATCHES
> Policy WebPolicy2 1: MATCHES
> - Rule Deny access to bob to a specific resource: DENY
> - Rule Permit access to admin: NOT APPLICABLE
> - Rule Permit access to other users: PERMIT
> Decision: DENY
Decision: DENY

Download example

XML

You can download an XML file with the example: &&TODO&&

Configure PEP

image-1628230671130.png
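
The evaluation trace in the Log section can be reproduced with the following added Python sketch, which is not Soffid's code or the page's actual policy. It assumes a deny-overrides rule-combining algorithm (the page does not state which one is configured), constructed rule targets and a placeholder resource path, and it shows why the catch-all permit rule does not override the deny for bob.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

PERMIT, DENY, NOT_APPLICABLE = "PERMIT", "DENY", "NOT APPLICABLE"

# Placeholder path: the page does not name the protected resource.
RESOURCE = "/example/protected"


@dataclass
class Rule:
    name: str
    effect: str                      # PERMIT or DENY when the target matches
    target: Callable[[dict], bool]   # True when the rule applies to the request

    def evaluate(self, request: dict) -> str:
        return self.effect if self.target(request) else NOT_APPLICABLE


# Rule names come from the page's log; the target conditions are assumptions.
RULES = [
    Rule("Deny access to bob to a specific resource", DENY,
         lambda r: r["subject"] == "bob" and r["resource"] == RESOURCE),
    Rule("Permit access to admin", PERMIT, lambda r: r["subject"] == "admin"),
    Rule("Permit access to other users", PERMIT, lambda r: True),  # catch-all
]


def combine(rules: List[Rule], request: dict,
            overriding: str = DENY) -> Tuple[str, list]:
    """Evaluate every rule; the 'overriding' effect wins if any rule returns it.

    Simplified: XACML's Indeterminate result is not modelled here.
    """
    trace = [(rule.name, rule.evaluate(request)) for rule in rules]
    results = {result for _, result in trace}
    other = PERMIT if overriding == DENY else DENY
    if overriding in results:
        return overriding, trace
    return (other if other in results else NOT_APPLICABLE), trace


def explain(request: dict, overriding: str = DENY) -> str:
    """Render the trace in the same shape as the page's log."""
    decision, trace = combine(RULES, request, overriding)
    lines = [f"- Rule {name}: {result}" for name, result in trace]
    return "\n".join(lines + [f"Decision: {decision}"])


if __name__ == "__main__":
    print(explain({"subject": "bob", "resource": RESOURCE}))
```

Calling `explain` with `overriding=PERMIT` on the same request returns PERMIT, which is why the combining algorithm should be checked whenever a policy mixes a specific deny with a catch-all permit.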