> On Dec 19, 2016, at 8:53 AM, Shawn McKinney <[email protected]> wrote:
> 
> it could be broken up like this:
> 

missed a few:

- USERS
—— password maintenance
—— temporal constraints
—— role assignments
—— inetorgperson attrs
—— system attrs
- RBAC (role-based access control objects)
—- ROLES
—- POBJS (permission objects)
—— PERMS (permission operations)
—— SSDS (static separation of duty constraints)
—— DSDS (dynamic separation of duty constraints)
- ARBAC (administrative role-based access control objects)
—— ADMRLES (admin roles)
—— ADMOBJS (admin permission objects)
—— ADMPERMS (admin permission operations)
—— OUUSRS (user organizational units setup)
—— OUPRMS (permission organizational units setup)
- PLCYS (maintain password policies)
—— OpenLDAP
- GROUPS
—— USER Groups
—— ROLE Groups
- AUDIT
—— BINDS (Authentication log)
—— AUTHZ (Authorization log)
—— MODS (Administrative Operations log)


These menu options are controlled by role assignments.  The ‘test’ user won't
by default have access to the last few menu options (pwpolicy, groups and
audits).

test can be assigned the additional role by adding the following statement to 
the FortressWebDemoUsers.xml:

<adduserrole>
     ...
     <userrole userId="test" name="fortress-web-group-admin-user" />
</adduserrole>

and rerunning:

mvn install -Dload.file=./src/main/resources/FortressWebDemoUsers.xml

or, you can do the same using commander:

Pull up the user in user list panel, click on record, go to RBAC Role
Assignments detail panel, put role name in new role and click ‘assign’.

Thanks,
Shawn
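
Added example (not part of the original post or of the Fortress project): a pre-load check that lists every user-to-role grant a load file would make and reports any grant missing from a reviewed baseline, useful before rerunning the mvn install step above. The sample XML, its root element, the `example-base-role` name, the `demo2` user and the `APPROVED` baseline are constructed assumptions; only the `<adduserrole>`/`<userrole>` shape and the `test` grant come from the post.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, NOT the real FortressWebDemoUsers.xml. Only the
# <adduserrole>/<userrole> elements and the 'test' grant are from the post.
SAMPLE_LOAD_FILE = """
<sample-root>
  <adduserrole>
    <userrole userId="test" name="example-base-role" />
    <userrole userId="test" name="fortress-web-group-admin-user" />
    <userrole userId="demo2" name="example-base-role" />
  </adduserrole>
</sample-root>
"""

# Hypothetical reviewed baseline: roles each user is expected to hold.
APPROVED = {
    "test": {"example-base-role"},
    "demo2": {"example-base-role"},
}


def grants_in_load_file(xml_text):
    """Return {userId: {role names}} for every <userrole> under <adduserrole>."""
    root = ET.fromstring(xml_text)
    grants = defaultdict(set)
    for block in root.iter("adduserrole"):
        for entry in block.iter("userrole"):
            user, role = entry.get("userId"), entry.get("name")
            if not user or not role:
                # A malformed entry should stop the review, not be skipped.
                raise ValueError("userrole element missing userId or name")
            grants[user].add(role)
    return dict(grants)


def unapproved_grants(xml_text, approved):
    """Return sorted (user, role) pairs the file grants beyond the baseline."""
    found = grants_in_load_file(xml_text)
    return sorted(
        (user, role)
        for user, roles in found.items()
        for role in roles - approved.get(user, set())
    )


if __name__ == "__main__":
    for user, role in unapproved_grants(SAMPLE_LOAD_FILE, APPROVED):
        print(f"review before load: {user} -> {role}")
```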
