Assigning and restricting the screen Assigned Roles to App Owners

Products Identity Manager Discussions & Questions
, ,
1

Hello guys,

Do you know if it’s possible to assign the access to the screen: Assigne Roles to the Application Owners and to restrict their access to the Categories the manage (as set in the screen Assigned Profiles) ?

Here is the only documentation that I found: Review Assigned Roles | Netwrix Product Documentation but there is no mention of using an AccessControlRule or anything else to filter the access.

Sincerely,

2

Hello Massil,

It is not possible yet but this feature should be released soon, it is currently in beta test.

Best,

Thomas

3

Thanks @THaudot for your reply !

@Maxxil Let me know if you are interested in testing this feature in beta, and I’ll send you the information.

4

Hello,

You can use this XML code with your application owner profile :

<!-- Access control rules for Assigned Roles Screen with a filter on category -->
<AccessControlRule Identifier="ApplicationOwner_Directory_User_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles" DisplayName_L2="Propriétaire d'application - Rôles assignés" EntityType="Directory_User" Profile="ApplicationOwner">
    <Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>

<AccessControlRule Identifier="ApplicationOwner_AssignedCompositeRole_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles " DisplayName_L2="Propriétaire d'application - Rôles assignés " EntityType="AssignedCompositeRole" Profile="ApplicationOwner">
    <Filter Binding="Role.Category.Id" Category="true" />
    <Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>

<AccessControlRule Identifier="ApplicationOwner_AssignedSingleRole_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles " DisplayName_L2="Propriétaire d'application - Rôles assignés " EntityType="AssignedSingleRole" Profile="ApplicationOwner">
    <Filter Binding="Role.Category.Id" Category="true" />
    <Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>

<AccessControlRule Identifier="ApplicationOwner_SingleRole_ProvisioningPolicy_AssignedRoles" DisplayName_L1="ApplicationOwner_SingleRole_ProvisioningPolicy_AssignedRoles" EntityType="SingleRole" Profile="ApplicationOwner">
    <Filter Binding="Category.Id" Category="true" />
    <Entry CanExecute="true" Permission="/ProvisioningPolicy/SingleRole/Query" />
</AccessControlRule>

<AccessControlRule Identifier="ApplicationOwner_Category_ProvisioningPolicy_AssignedRoles" DisplayName_L1="ApplicationOwner_Category_ProvisioningPolicy_AssignedRoles" EntityType="Category" Profile="ApplicationOwner">
    <Filter Binding="Id" Category="true" />
    <Entry CanExecute="true" Permission="/ProvisioningPolicy/Category/Query" />
</AccessControlRule>