Role based control in Identity Governance

Article ID: 250701

Products

CA Identity Governance

Issue/Introduction

We use both IG and IP for the recertification process. IP is used by end users/reviewers for logging in to the portal and completing the recertification.

IG is mostly for the developers and administrators who need to get access for reassignments. As part of this, we tried to give admin monitor roles to some of the application owners who want to handle the reassignments through IG, so we want to create roles that will have visibility of only particular workflows/campaigns/universes.

Steps we used

1. Create a role in Eurekify and give that role access to the user.

2. Clear the cache.

3. Tried to log in with that user ID.

Still, the user is able to see all the workflows which he should not have access to. 

We need guidance to fix this issue and enhance our role-based access for the application owners. 

Environment

Release: 14.4

Component: GovernanceMinder (Role & Compliance Manager)

Resolution

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-governance/14-4/configuring/permissions/use-case-member-list-permissions-by-universe.html 

We needed to set the property sage.security.disable to false.

  • Be sure to add the appropriate Link Type resource so the user can navigate to the appropriate Certification screens in the Portal. For example, [Administration.NewCampaign]. The NewCampaign permission does not exist by default, but you can create it to enable access to this specific administration menu item in the Portal. Or, to enable all Administration menu items, you can use the permission [Administration.*].
  • Be sure to add the appropriate configuration permission so the user can add a certification to the configuration. For example, [CONFIGURATION] [RW], configuration_name.
  • Set the property sage.security.disable to false.

This property is the setting for the security model that controls access to campaigns.