Access Control List UI
The Access Control List UI feature allows you to list, create and manage ACL rules.
Open it by selecting the Access Control List icon from the left navigation menu.
In order to view ACLs you must have an active ACL rule with at least VIEW permissions on RESOURCE_TYPE:ACL.
View ACL rules
Once you have opened the Access Control List UI feature, you will see a list of all ACL rules.
Each entry is listed with the following information, separated in columns:
Subject - who uses the rule
Resource - the resource entity which is affected by the rule. When the resource is a specific DEVICE_CONFIG, its name is a link to its detailed Device configuration view.
Action - the actual permissions that were granted, i.e. what the subject can do with the resource
Delete icon - you can delete an ACL entry with the delete icon.
Search ACL rules
As the list of ACL rules grows, finding the one of interest becomes more time-consuming.
Use the Search input field to search across all three columns at once: Subject, Resource and Action.
Create an ACL rule
To create a new ACL rule, go through the following steps:
Click the + icon on the right side of the view to open the New Access Control List rule dialog.
Select the Subject type that will use the rule. It can be GROUP (when authenticating with an IdM role) or CLIENT (when authenticating with an OAuth2 client).
Fill in the id for a specific Subject.
When GROUP is selected as a Subject type, you can benefit from a Subject auto-suggest with all assigned IdM roles. Just type any character to trigger it.
When CLIENT is selected as a Subject type, you have to paste the Client ID of your OAuth2 client. Copy it from the OAuth2 client details view of the specific client.
Select the desired Resource type e.g. DEVICE_CONFIG or RESOURCE_TYPE.
With DEVICE_CONFIG the scope of the rule will be within a particular device configuration, while with RESOURCE_TYPE the scope is global for all entries within a particular resource type.
Select the specific Resource. The values will vary depending on the type that you selected above.
With DEVICE_CONFIG you will see a list of all device configurations that you are allowed to manage.
With RESOURCE_TYPE you will see a list of all resources e.g. ACL, AUDIT_LOG or DEVICE_CONFIG.
Select the desired Action i.e. the permissions that you grant to the subject over the resource.
Click Create.
Your new ACL rule will be listed as part of the Access Control List.