If you already have the roles you require, then you can proceed to step 2, otherwise, you now need to create a new app role as shown in figure 8.1.1-2
Figure 8.1.1-2: WebApp App Registration create App role
For the Display name and Value, make sure to use the name of one of the current roles available for use as seen in section 8.3.
For the Allowed member types, ensure you have Users/Groups selected.
Description is up to the user.
Ensure that the app role is enabled.
After you have filled in the details, select Apply.
A completed App role can be seen in figure 8.1.1-3.
Figure 8.1.1-3: WebApp App Registration completed App role
Once you have your app role created, you will need to assign it to your group or user. The first thing you will need to do is browse to the managed application in the local directory or the Enterprise Application of the Web App.
After this, locate the Users and groups tab and select it as shown in figure 8.1.2-1.
Figure 8.1.2-1: WebApp App Enterprise Application overview
The next step is to add a new user/group as shown in figure 8.1.2-2. Note: If you already have a user or group you want to modify, ensure you select and edit that instead.
Figure 8.1.2-2: WebApp App Enterprise Application add user/group
You will then need to select the user and/or groups you want to assign the role to. After doing so, you need to select a role, ensure that it is the correct role and it is one that is applicable to the Web App. You should notice if you created an app role in the previous step it is available to be used.
A completed assignment is shown in figure 8.1.2-3.
Figure 8.1.2-3: WebApp App Enterprise Application completed assignment
Your user(s) should now have the correct corresponding permissions to the role granted to them when accessing the Web App.
The Web Application allows Administrators to grant permissions to users to allow them to have specific roles against specific entities. This allows for tighter control as a user or group can be given role permissions for single objects that may be applicable to them and their needs.
The Entity Role Map page can be accessed through the View Menu button shown in figure 8-1 and 8-2.
Figure 8.2-1: LockBox Main Page View Menu selection
Figure 8.2-2: LockBox Main Page EntityRoleMap selection
When browsing the EntityRoleMap page, a layout similar to figure 8.2.1-1 will be shown to you. Following the figure some more details will be provided on what each of these items represent.
Figure 8.2.1-1: EntityRoleMap page overview
Number | Object Name | Description |
---|---|---|
1 | Show rows selection | This allows the user to define how many rows of EntityRoleMaps they wish to view per page. At the time of writing, the selections available are 10, 25, 50 and 100. As can be seen in figure 8.2.1-1 at the bottom right of the page there is also a page selection to be able to browse through pages of created EntityRoleMaps. |
2 | Add Item | This allows the user to create a new Entity Role Map. More details of the creation process can be found in section 8.2.2.
|
3 | Edit Item | This allows the user to edit the currently selected Entity Role Map. This will take them to a new page which holds a form that is prefilled with the details of the selected Entity Role Map. More details of the Entity Role Map creation process can be found in section 8.2.2. |
4 | View Details | This allows the user to view the details of the Entity Role Map in a single page format. |
5 | Help | This allows the user to display some help text that gives a summary of the current web page. |
6 | Search | This allows the user to search for a Entity Role Maps by Type. The Entity Role Maps displayed will only be related to the search term input by the user. |
7 | Entity Role Map | This is an example of a created Entity Role Map. This represents a permission given to a group that is tied to a specific entity. It will allow the users within the group to interact with that entity with the permissions that are also listed in the mapping. The Updated by column is automatically filled in when a record is completed or modified with the corresponding email address of the user. |
This section will provide the user with an overview of the Entity Role Map creation process. It will step through each property of the Entity Role Map creation page and give details on what each of the properties do.
To initiate the creation process, we need add a new Entity Role Map, this is done by selecting the ‘Add Item' button. This will then take the user to a new page with a form listing the required parameters to create a new permission mapping. This is shown in Figure 8.2.2-1.
Figure 8.2.2-1: EntityRoleMap page Add Item button
After doing this, an image similar to Figure 8.2.2-2 will be visible to the user. Following this figure a table will explain what each of the properties are in detail.
Figure 8.2.2-2: EntityRoleMap page create item page overview
Number | Object Name | Input Type | Description |
---|---|---|---|
1 | Entity Id | Integer | This needs to match the Id of the specific entity you are trying to reference. This works with the Entity Type Name to map out the specific entity that has a permission being created for it. |
2 | Entity Type Name | DropDown | This allows the user to select what entity type you want to reference the Entity Id against. |
3 | Aad Group Uid | GUID | This allows the user to list the security group that will have the corresponding permission granted to them. |
4 | Application Role Name | DropDown | This allows the user to select the permission that will be granted to the security group. |
5 | Expiry Date | DateTime | This allows the user to set an expiry date for the permission. |
6 | Is Active | Checkbox | This allows the user to decide whether the permission will be initially active when it is created. |
Once a user or group has gotten proper permissions over a specific entity, they may have to modify the entity in a slightly different way if their current permissions are Reader on the overarching web page.
To modify an entity that the user has been given access to through the EntityRoleMap entry, browse to the page. In our example, we are following on from our created permission from section 8.2.2. First, we will browse to the SourceAndTargetSystems page and locate the specific entity, in our case with the Id -14. The next step is to view the details of the entity and then select the option to Edit it from there. You will now be able to modify and update your entity. Figures 8.2.3-1 and 8.2.3-2 show these steps.
Figure 8.2.3-1: SourceAndTargetSystems view details for System (-14)
Figure 8.2.3-2: SourceAndTargetSystems System -14 details
Figure 8.2.3-3: SourceAndTargetSystems System -14 edit page
This section contains a list of current roles available to be used within the Web Application.
Reader - Allows the user or group to view all pages within the Web Application and inspect the details of each entity on those pages.
Administrator - Allows the user or group to view all pages within the Web application and add, modify and delete all entities within the Web Application.
Note: If a role is given to a user on the EntityRoleMap page, that role is ONLY applicable in conjunction to the specific entity being referenced.