Skip to main content

Example Web PEP

Web Policy Enforcement Point

Use case example

We want to define a policy to restrict access to some pages of the Soffid console user's page (MainMenu > Administration > Resources > Users).console.

The users who are assigned to the SOFFID_RRHH role (from this point forward: end-users) will have limitations to performaccess to some actions on the Soffid console users page:pages:


  1. The end-users only be able to query the information about the users who belong to the same"enterprise" group as primary groupgroup, thatcould them.not
    The end-users only be ableaccess to update the usersgroups withpage.
    2. internal user type.
  2. The end-users could not deleteaccess anyto userrole record.

    page.
  3. En other cases permit access.

XACML Editor

Policy set

First of all, we define a policy set. We need to define the subject, in that case users with SOFFID_RRHH role assigned.

 

&&TODO&& Definir y revisar

image-1627985848659.png

Policy

 

image-1627985535274.png

Rules

Deny accessto a user to a specific resource

image-1627985433678.png

Permit access to a specific user

image-1627985812268.png

Permit access to other users

image-1627981220287.png

Download XML

You can download a XML file with the example:&&TODO&& policy-TestWebPEP.xml

Configure PEP

image-1628230671130.pngimage-1628235091281.png

 

 

Back to top