Example Web PEP
Web Policy Enforcement Point
Use case example
We want to define a policy to restrict access to some pages of the Soffid console.
The users who are assigned the SOFFID_RRHH role (from this point forward: end-users) will have restricted access to some Soffid console pages:
- End-users whose primary group is "enterprise" cannot access the groups page.
- End-users cannot access the role page.
- In other cases, access is permitted.
XACML Editor
Policy set
First of all, we define a policy set.
Policy
Then, we can define a policy to manage the access. We need to define the subject, in this case users with the SOFFID_RRHH role assigned.
We can define a variable that contains the group name to establish the restrictions.
Rule 1
End-users whose primary group is "enterprise" cannot access the groups page.
Rule 2
End-users cannot access the role page.
Rule 3
In other cases, permit access.
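The three rules above, modeled as a small Python evaluator (an added example, not Soffid's code and not the contents of policy-TestWebPEP.xml). The page paths, the sample users and the first-applicable combining order are assumptions; the sketch shows why the catch-all Permit has to be evaluated last and what a user without SOFFID_RRHH gets.

```python
from dataclasses import dataclass

# Hypothetical console paths: the page does not give the real URLs.
GROUPS_PAGE = "/soffid/groups"
ROLE_PAGE = "/soffid/roles"
GROUP_NAME = "enterprise"  # plays the part of the policy variable


@dataclass(frozen=True)
class Request:
    roles: frozenset
    primary_group: str
    url: str


def in_target(req):
    """Policy subject: only users holding the SOFFID_RRHH role."""
    return "SOFFID_RRHH" in req.roles


# (name, effect, condition), listed in the order the page gives them.
RULES = [
    ("Rule 1", "Deny",
     lambda r: r.primary_group == GROUP_NAME and r.url == GROUPS_PAGE),
    ("Rule 2", "Deny", lambda r: r.url == ROLE_PAGE),
    ("Rule 3", "Permit", lambda r: True),
]


def evaluate(req, rules=RULES):
    """First-applicable combining (assumed): the first matching rule decides."""
    if not in_target(req):
        return ("NotApplicable", None)  # the policy says nothing about this user
    for name, effect, condition in rules:
        if condition(req):
            return (effect, name)
    return ("NotApplicable", None)


# Constructed sample requests.
RRHH = frozenset({"SOFFID_RRHH"})
alice_groups = Request(RRHH, "enterprise", GROUPS_PAGE)
bob_groups = Request(RRHH, "sales", GROUPS_PAGE)
bob_roles = Request(RRHH, "sales", ROLE_PAGE)
carol_roles = Request(frozenset(), "enterprise", ROLE_PAGE)

if __name__ == "__main__":
    for req in (alice_groups, bob_groups, bob_roles, carol_roles):
        print(req.url, req.primary_group, evaluate(req))
    # Catch-all evaluated first: the Deny rules never fire.
    print(evaluate(alice_groups, [RULES[2], RULES[0], RULES[1]]))
```

A NotApplicable result means this policy does not decide the request; what happens to it then depends on the PEP configuration, which this sketch does not model.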
Download XML
You can download an XML file with the example: policy-TestWebPEP.xml
Configure PEP