[midPoint] roles, objects and permissions in midPoint

Oleksandr Bodriagov (Polystar) oleksandr.bodriagov at polystar.com
Fri Apr 10 16:37:28 CEST 2015


Hi,

I have a question about roles, permissions, and objects in midPoint. According to NIST, "a role is essentially a collection of permissions", and permissions are relationships between operations and objects. MidPoint gives the ability to define users, roles, and resources. It is not clear, though, how to define objects.

Our use case is as follows. We have a few RESTful web services to which we would like to control access using midPoint and our own access control server. Our permissions in this case would be something like:
  - read data from https://server1.com/whateever
  - modify report at https://server2.com/profile/whatever
  - read report at https://server2.com/profile/whatever

So, we have operations {read, modify, delete, ...} and objects {https://server1.com/whateever, https://server2.com/profile/whatever, ...}. We do not want midPoint to retrieve any information out of server1 or server2 whatsoever. Let's say that server1 and server2 contain only financial information. Our access control server receives a question if a user is allowed to perform some operation over some object. To answer this question the server should get the user's permissions from midPoint using its REST API. We have set up a midPoint server with an embedded database. We have added users and roles, but we have no idea how to add our objects (simple URLs). There is a notion of Resource in midPoint. It seems that resources are only used for propagation of users and roles from external databases or directories. Consequently, a resource is not the same as an RBAC object.

How should RBAC permissions and objects be defined? Thank you in advance for your help.

Best regards,
Alex
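
The decision step described in the message, as an added example that is not part of the original post and is not midPoint code: roles are collections of (operation, object URL) permissions, and the access control server answers deny-by-default after canonicalizing the requested URL. The role names, user names and the `canonical` and `is_allowed` helpers are hypothetical, and the in-memory tables are constructed stand-ins for whatever the access control server would fetch from the identity store.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample data (not from midPoint): role -> (operation, object URL) pairs.
ROLE_PERMISSIONS = {
    "data-reader": {("read", "https://server1.com/whateever")},
    "report-editor": {
        ("read", "https://server2.com/profile/whatever"),
        ("modify", "https://server2.com/profile/whatever"),
    },
}
# Constructed: user -> roles, standing in for the role assignments fetched per request.
USER_ROLES = {"alice": {"data-reader"}, "bob": {"data-reader", "report-editor"}}


def canonical(url):
    """Map equivalent spellings of an object URL to one form; None means unusable."""
    parts = urlsplit(url)  # scheme and hostname come back lower-cased
    try:
        port = parts.port
    except ValueError:  # malformed port
        return None
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        return None
    host = parts.hostname if port in (None, 443) else f"{parts.hostname}:{port}"
    # Collapse "." and ".." segments, duplicate slashes and a trailing slash.
    path = "/" + posixpath.normpath(parts.path or "/").lstrip("/")
    # Assumption: query string and fragment do not identify a different object.
    return f"https://{host}{path}"


def is_allowed(user, operation, url):
    """True only if one of the user's roles holds exactly (operation, object)."""
    target = canonical(url)
    if target is None:
        return False
    for role in USER_ROLES.get(user, ()):
        for op, obj in ROLE_PERMISSIONS.get(role, ()):
            if op == operation and canonical(obj) == target:
                return True
    return False  # unknown user, role, operation or object: deny
```

Percent-encoded path segments are deliberately not decoded here, so an encoded spelling of a URL matches no permission and is denied.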