Example Web PEP

Web Policy Enforcement Point

Use case example

We want to define a policy to restrict access to some pages of the Soffid console.

Users who are assigned the SOFFID_RRHH role (from this point forward: end-users) will be restricted from accessing some Soffid console pages:

  1. End-users whose primary group is "enterprise" cannot access the groups page.
  2. End-users cannot access the role page.
  3. In all other cases, access is permitted.

XACML Editor

Policy set

First of all, we define a policy set. 

image-1628237637437.png

Policy

Then, we define a policy to manage the access. We need to define the subject, in this case users with the SOFFID_RRHH role assigned.

We can also define a variable that contains the group name used to establish the restrictions.

image-1628237773318.png

Rule 1

End-users whose primary group is "enterprise" cannot access the groups page.

image-1628238106719.png

Rule 2

End-users cannot access the role page.

image-1628238134714.png

Rule 3

In all other cases, access is permitted.

image-1628238162313.png
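
The three rules above, modelled as an added Python example (not Soffid code and not the contents of policy-TestWebPEP.xml). It assumes the rules are evaluated in the order listed, ignores Indeterminate results, and uses hypothetical page paths and function names; it also shows why the catch-all permit in Rule 3 only works with an order-sensitive or deny-favouring combining algorithm.

```python
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
# Hypothetical page paths; the real resource values live in the policy XML.
GROUPS_PAGE, ROLES_PAGE = "/groups", "/roles"

@dataclass(frozen=True)
class Request:
    roles: frozenset
    primary_group: str
    page: str

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str
    condition: Callable[[Request], bool]

# Rules 1-3 in the order this page defines them.
RULES = [
    Rule("Rule 1", DENY,
         lambda r: r.primary_group == "enterprise" and r.page == GROUPS_PAGE),
    Rule("Rule 2", DENY, lambda r: r.page == ROLES_PAGE),
    Rule("Rule 3", PERMIT, lambda r: True),  # catch-all
]

def target_matches(req: Request) -> bool:
    """Policy subject: only users holding SOFFID_RRHH are in scope."""
    return "SOFFID_RRHH" in req.roles

def first_applicable(req: Request, rules=RULES) -> str:
    """Return the effect of the first rule whose condition holds."""
    if not target_matches(req):
        return NOT_APPLICABLE
    for rule in rules:
        if rule.condition(req):
            return rule.effect
    return NOT_APPLICABLE

def permit_overrides(req: Request, rules=RULES) -> str:
    """Any matching Permit wins, so Rule 3 would cancel both denies."""
    if not target_matches(req):
        return NOT_APPLICABLE
    effects = {rule.effect for rule in rules if rule.condition(req)}
    if PERMIT in effects:
        return PERMIT
    return DENY if DENY in effects else NOT_APPLICABLE
```

When testing the real policy, request the groups and role pages as an "enterprise" SOFFID_RRHH user and confirm both are denied; a permit on either page points to the combining algorithm or the rule order.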

Download XML

You can download an XML file with the example: policy-TestWebPEP.xml

Configure PEP

image-1628235091281.png