Chapter 18. Managing self-service rules using the IdM Web UI

This chapter introduces self-service rules in Identity Management (IdM) and describes how to create and edit self-service access rules in the web interface (IdM Web UI).

18.1. Self-service access control in IdM

Self-service access control rules define which operations an IdM entity can perform on its IdM Directory Server entry: for example, IdM users have the ability to update their own passwords.

This method of control allows an authenticated IdM entity to edit specific attributes within its LDAP entry, but does not allow add or delete operations on the entire entry.

Warning

Exercise care when working with self-service access control rules: configuring access control rules improperly can inadvertently elevate an entity’s privileges.

18.2. Creating self-service rules using the IdM Web UI

This procedure describes how to create self-service access rules in IdM using the web interface (IdM Web UI).

Prerequisites

Procedure

  1. Open the Role-Based Access Control sub-menu in the IPA Server tab and select Self Service Permissions.
  2. Click Add at the top-right of the list of the self-service access rules:

    Adding a self-service rule

  3. The Add Self Service Permission window opens. Enter the name of the new self-service rule in the Self-service name field. Spaces are allowed:

    Form for adding a self-service rule

  4. Select the check boxes next to the attributes you want users to be able to edit.
  5. Optional: If an attribute you would like to provide access to is not listed, you can add a listing for it:

    1. Click the Add button.
    2. Enter the attribute name in the Attribute text field of the following Add Custom Attribute window.
    3. Click the OK button to add the attribute
    4. Verify that the new attribute is selected
  6. Click the Add button at the bottom of the form to save the new self-service rule.
    Alternatively, you can save and continue editing the self-service rule by clicking the Add and Edit button, or save and add further rules by clicking the Add and Add another button.

18.3. Editing self-service rules using the IdM Web UI

This procedure describes how to edit self-service access rules in IdM using the web interface (IdM Web UI).

Prerequisites

Procedure

  1. Open the Role-Based Access Control sub-menu in the IPA Server tab and select Self Service Permissions.
  2. Click on the name of the self-service rule you want to modify.

    Editing an existing self-service rule

  3. The edit page only allows you to edit the list of attributes to you want to add or remove to the self-service rule. Select or deselect the appropriate check boxes.
  4. Click the Save button to save your changes to the self-service rule.

18.4. Deleting self-service rules using the IdM Web UI

This procedure describes how to delete self-service access rules in IdM using the web interface (IdM Web UI).

Prerequisites

Procedure

  1. Open the Role-Based Access Control sub-menu in the IPA Server tab and select Self Service Permissions.
  2. Select the check box next to the rule you want to delete, then click on the Delete button on the right of the list.

    Deleting a self-service rule

  3. A dialog opens, click on Delete to confirm.