Using Access Manager Policies To Enforce Authorization; Creating An Employee Role And A Manager Role - Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE Manual


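http://<Application_Server_DNS_Name>:<port>/payroll
Replace <Application_Server_DNS_Name> with the DNS name or the IP address of your
application server. Replace <port> with the port number you have configured the J2EE Agent
to use.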
8 Log in as a user who matches the condition to receive the Employee role and access the My
Page and the Manager Page.
9 Log out and log in as a user who matches the condition to receive the Manager role. Access the
My Page and the Manager Page.
As a manager you can add Employee Records. Then when employees log in, their records are
displayed on My Page.
7.2 Using Access Manager Policies to Enforce Authorization
The following scenario explains how to set up Access Manager policies that permit Managers to
access the manager pages in the sample payroll application, deny Employees access to the manager
pages, but permit Employees and Managers access to their own information pages. These policies
are enforced without any J2EE server configuration.
Section 7.2.1, "Creating an Employee Role and a Manager Role"
Section 7.2.2, "Creating Authorization Policies"
Section 7.2.3, "Assigning Policies to Protected Resources"
Section 7.2.4, "Testing the Configuration"

7.2.1 Creating an Employee Role and a Manager Role

If you have a particular application that requires more than one role, and it is the only application
using these roles, you might want to create one role policy that assigns users to the required roles.
The following steps explain how to create one role policy that assigns users to the Manager role and
the Employee role.
1 In the Administration Console, click Devices > Policies.
2 Click New, specify a name for the role policy, select Identity Server: Roles as the type, then
click OK.
3 For the first rule, click New, create a condition that matches your managers but not your
employees, activate the Manager role, then click OK.
The following rule uses the LDAP OU condition to determine whether the user is a manager. It
assumes that all managers are in the ou=managers,ou=payroll,o=novell container.
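
To preview which accounts a container-based rule like this would match before you test the configuration, the check can be modelled as below. This is an added example, not Novell's code or Access Manager's implementation. It assumes DNs compare case-insensitively and that subcontainers count unless `subtree=False`; the function names and sample DNs are constructed.

```python
MANAGER_OU = "ou=managers,ou=payroll,o=novell"  # container named in the rule above

def split_rdns(dn):
    """Split a DN into normalised (attribute, value) pairs, honouring backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # an escaped character stays inside its RDN
            i += 2
            continue
        if dn[i] == ",":                # an unescaped comma ends the current RDN
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_container(user_dn, container_dn=MANAGER_OU, subtree=True):
    """True if user_dn sits below container_dn, compared RDN by RDN rather than as text."""
    user, container = split_rdns(user_dn), split_rdns(container_dn)
    depth = len(user) - len(container)
    if depth < 1 or user[depth:] != container:
        return False
    return subtree or depth == 1        # assumption: subtree matching is this example's choice

# Constructed sample DNs, not taken from the manual.
SAMPLE_DNS = [
    "cn=alice,ou=managers,ou=payroll,o=novell",
    "CN=Bob, OU=Managers, OU=Payroll, O=Novell",
    "cn=carol,ou=staff,ou=payroll,o=novell",
    "cn=gina,ou=temps,ou=managers,ou=payroll,o=novell",
    "cn=erin\\,ou=managers,ou=payroll,o=novell",   # escaped comma is part of the cn value
]

def preview_manager_matches(dns=SAMPLE_DNS):
    """Map each DN to whether the modelled Manager condition would match it."""
    return {dn: in_container(dn) for dn in dns}

if __name__ == "__main__":
    for dn, matched in preview_manager_matches().items():
        print(("Manager" if matched else "no match").ljust(9), dn)
```

Comparing parsed RDNs instead of raw text is what keeps the last sample entry out of the Manager role: its escaped comma belongs to the user's name, so the entry actually lives directly under ou=payroll.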
