subject:"\[Dev\] How to Write a XACML policy to restrict user admin operations on user stores"

Re: [Dev] How to Write a XACML policy to restrict user admin operations on user stores

2017-12-06 Thread Denuwanthi De Silva

You can create a custom listener by extending ' AbstractIdentityUserOperationEventListener'. Our default provisioning listener is written in that way[1]. You can refer that and create your custom listener and overide the method you would like to invoke the XACML PDP. You can invoke the PDP using

Re: [Dev] How to Write a XACML policy to restrict user admin operations on user stores

2017-12-05 Thread Denuwanthi De Silva

Hi, You can define userstore in XACML in follwoing format http://wso2.org/identity/user/user-store-domain *" Category=" http://wso2.org/identity/user; DataType=" http://www.w3.org/2001/XMLSchema#string;