Customizing Policies

This chapter describes how to customize policies:

  • Customizing access policies

Customizing Access Policies

DirX Identity allows protecting objects via access policies.Per default access control and access policies are defined for a set of standard objects.You can define access control for

  • Objects in DirX Identity that are already defined but are not yet protected via access policies.

  • Your own defined custom objects.

To enable access control for an object type, perform these steps:

  • Adapt the object description for the object type.

  • Create the necessary access policies.

Adapting Object Descriptions

To enable an object type for access control, add this attribute definition to the object element:

accesscontrol="true"

This enables access control for this object type. It is checked by the service layer and the corresponding access policies.

Creating Custom Access Policies

If an object type is enabled for access control, you need to set up the corresponding access policies. Otherwise access to this object type is no longer possible through Web Center, Business User Interface or Manager.

Due to the fact, that the list of object types that is supported by default does not contain all available object types (for example dxrAuditPolicy is not part of the list), use this procedure to set up additional policies:

  • Create a new access policy and configure it for example for object type User.

  • Click this new access policy in the tree view and perform Goto DataView.

  • Edit the object and change the dxrObjectType attribute to the required value (for example dxrAuditPolicy or MyPrivateObject).

  • Save the object.

Whenever you change the operation of the access policy you must setup the object type value again.