
idmdash Access-Application Items trustees


Hi,

Is there a way to assign trustees to the Application Items on idmdash in bulk?

With IDApps 4.8.0 and the new search entities engine, it is annoying to configure the trustees manually via the web.

For example, we have an application item to which we need to add about 200 groups. Looking at the object created in cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication, there are no ACLs established, so I infer that this configuration is stored in the user application database.

1 Solution

Accepted Solutions

Hi.

I do not have the answer for you, but I would look at requests sent from the browser to the REST APIs when you configure this manually in the GUI and try and replicate that request using invoke-rest-endpoint in a driver.

REST calls can be seen using the browser's developer tools (F12) and network tab.

Let us know what you find.

Best regards

Marcus


Hi Marcus,

Thanks for your help. It seems like the REST endpoint used in the GUI is:

/IDMProv/rest/access/config/access: Saves the modified user access properties in client settings by updating client specific JSON.

I'm going to do some tests.


The solution was to use the /IDMProv/rest/access/config/access?client=1 rest endpoint.

Thanks


Are you asking if you can hide/show elements of the GUI via permissions? And you need 200 specific principals in those permission lists?

 

If so, on the Tomcat instance, in conf, look for a clients.json file. Inside it is a list of 'clients' as defined in the GUI when you log in as a UA Admin, then upper right, Settings, and Configure. Those settings are per 'client' (first side tab, and defaults to null-query, which is everyone). After that, an LDAP query defines the members of the next client. (I assume overlapping ones match the first.)

So make a new client defined by some query for testing.

It saves a 1.json or 2.json and all the settings are in that file.

Then for your 200 principals that need access, can you add them as part of the JSON array inside that file that grants access?

 

Or are you looking for something else?

 

Also there is a way to store this in the DB vs the file system for clustered setups and I forget how to do that this second.

 

Not really. What we are looking for is to create Home Items on the /idmdash/#/landing page and then assign trustees, so members of many groups (in this case 200) can only access this Home Item.

Via the GUI it is a manual task where you need to search for the groups, click on each one and then save the changes. What we are looking for is how to do this in bulk. It seems like the IDMProv REST endpoint /IDMProv/rest/access/config/access can do this job; I am doing some tests to confirm it.
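
Added example (not code from any poster or from the product): the thread's advice is to watch the browser's REST calls while making the change once in the GUI. The script below reads a HAR export of the network tab, keeps only the state-changing calls under /IDMProv/rest/, and masks the session credentials so the capture can be shared or archived safely. The host name, HTTP method, header values and body field in the sample are constructed placeholders, not the product's real request.

```python
import json
from urllib.parse import urlsplit, parse_qs

PREFIX = "/IDMProv/rest/"                # path prefix of the endpoint named in the thread
SENSITIVE = {"authorization", "cookie"}  # session credentials: masked in the summary
READ_ONLY = {"GET", "HEAD", "OPTIONS"}

def summarize_har(har, prefix=PREFIX):
    """List the state-changing REST calls in a HAR export, credentials masked."""
    calls = []
    for entry in har.get("log", {}).get("entries", []):
        req = entry["request"]
        url = urlsplit(req["url"])
        if not url.path.startswith(prefix) or req["method"] in READ_ONLY:
            continue
        text = req.get("postData", {}).get("text") or ""
        try:
            body = json.loads(text) if text else None
        except json.JSONDecodeError:
            body = None  # non-JSON payload: report no keys rather than guess
        calls.append({
            "method": req["method"],
            "path": url.path,
            "query": parse_qs(url.query),
            "headers": {h["name"]: "<redacted>" if h["name"].lower() in SENSITIVE
                        else h["value"] for h in req.get("headers", [])},
            "body_keys": sorted(body) if isinstance(body, dict) else None,
            "status": entry.get("response", {}).get("status"),
        })
    return calls

# Constructed sample: HTTP method, header values and body field are placeholders,
# not the product's real request.
BASE = "https://idm.example.com"
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "url": BASE + "/idmdash/", "headers": []},
     "response": {"status": 200}},
    {"request": {"method": "GET", "url": BASE + "/IDMProv/rest/access/config/access?client=1",
                 "headers": []}, "response": {"status": 200}},
    {"request": {"method": "PUT", "url": BASE + "/IDMProv/rest/access/config/access?client=1",
                 "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED"},
                             {"name": "Content-Type", "value": "application/json"}],
                 "postData": {"mimeType": "application/json",
                              "text": "{\"constructedField\": []}"}},
     "response": {"status": 200}},
]}}

if __name__ == "__main__":
    for call in summarize_har(SAMPLE_HAR):
        print(json.dumps(call, indent=2))
```

The summary reports only the top-level keys of each JSON body, so trustee DNs in the payload are not copied into the output.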
