Layer7 Access Management

Expand all | Collapse all

SiteMinder WorkSpace access to Child-level Objects for other types of Scoped Administrators

  • 1.  SiteMinder WorkSpace access to Child-level Objects for other types of Scoped Administrators

    Posted 10-01-2015 02:11 PM

    Description & Error Message: We have several applications protected in SiteMinder. With each application having its own defined domain. Each policy domain for each application has a policy called POLICY_APPName_OUTAGE that allows us, when enabled, to redirect  external clients to an outage page when our developers are performing application maintenance tasks (I.e. upgrading applications).

     

    There's a group in our organization that I would like to have the ability to access ONLY the outage policy. I only want them to enable and disable the policy. I don't want them to access the other areas of the Policy Domain of each application i.e. anything in the General, Realms, Reponses, Rule Groups and or Variables tab.

     

    I tried to create a workspace and associate a scoped user to the workspace. But the workspace only allows me to select the entire Policy Domain for each Application as available and or read-only.  This would give the user access to the entire apps configuration in Siteminder.

     

    Because we foresee there may be different roles logging onto the Siteminder Admin UI to perform different tasks, there may be a need to gain access to child-level objects when creating a workspace to assign to a scoped administrator.

     

    From the Siteminder documentation it mentions, "A workspace defines a subset of CA SiteMinder® policy data that can be used to limit the scope of an administrator to which it is assigned.

    Note: A scoped administrator can only manage the top-level objects (and their children) that are defined in the assigned workspace, regardless of their privileges. Add all top-level objects that you want the scoped administrator to be able to manage."

     

     

    In future releases, will Siteminder have the ability to get more granular, so only the user has access to child objects like the outage policy defined within each Application Policy Domain. It would be a benefit.

     

    Thanks



  • 2.  Re: SiteMinder WorkSpace access to Child-level Objects for other types of Scoped Administrators

    Posted 10-01-2015 04:05 PM

    I think this needs to be moved as an idea rather than a discussion.

     

    As suggested currently the UI allow to define control definitions only at top level objects and percolate the access control to all child objects.

     

     

    2015-10-01 16_00_34-SiteMinder Administrative UI _ Create Workspace - Opera.png



  • 3.  Re: SiteMinder WorkSpace access to Child-level Objects for other types of Scoped Administrators

    Posted 10-01-2015 04:06 PM

    Discussions can't be converted ideas, so please create a new idea.