1
votes

I am new to WSO2 Identity Server. I need some help in getting the role-based access control list.

I have one Angular application. In it there is a menu with items like product list, add product, update product, delete product. Based on the role defined in this application, I want to show the menu items to the user. For example, we have roles like admin, manager, user. For the admin role I have to show all the menu items, for the manager role add-product and update-product, and for the user role only the product-list menu item.

So when the user logs in to my application, I want to show the menu list based on the user's role. To authenticate and to create users, roles and user-role mappings, I used the SCIM2 APIs of WSO2 Identity Server 5.7.

I tried XACML but did not succeed. Please help me with how to get the role-based ACL.

1
Which method did you try? This? docs.wso2.com/display/IS570/… (Sajith)

1 Answer

0
votes

First, getting an idea about the XACML terms PEP, PDP, PAP and PIP [1][2] might help you. You can think of the PEP (Policy Enforcement Point) as your Angular application. In order to communicate with the XACML PDP, you can use the XACML REST APIs [3]. Regarding writing XACML policies for RBAC, you can have a look at the already available XACML template authn_role_based_policy_template.

[1] https://wso2.com/library/tutorials/2016/02/tutorial-how-to-enable-role-based-access-control-for-wso2-api-manager-using-xacml/

[2] https://wso2.com/library/articles/2013/11/fine-grained-xacml-authoriation-with-pip-points/

[3] https://docs.wso2.com/display/IS570/Using+REST+APIs+via+XACML+to+Manage+Entitlement
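
The PEP side of the approach in this answer, as an added example that is not part of the original answer or WSO2's own code: it builds one XACML 3.0 JSON-profile decision request per menu item and shows an item only on an explicit Permit. The menu model, the user names and the stand-in PDP are constructed assumptions; in the application, `decide` would POST the request body to the entitlement REST API described in [3].

```javascript
// Standard XACML attribute identifiers used in the JSON profile.
const SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
const RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
const ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";

// Hypothetical menu model: each item maps to the resource/action a policy governs.
const MENU = [
  { id: "product-list", resource: "/products", action: "GET" },
  { id: "add-product", resource: "/products", action: "POST" },
  { id: "update-product", resource: "/products", action: "PUT" },
  { id: "delete-product", resource: "/products", action: "DELETE" },
];

function buildDecisionRequest(username, item) {
  const attr = (id, value) => ({ Attribute: [{ AttributeId: id, Value: value }] });
  return { Request: {
    AccessSubject: attr(SUBJECT_ID, username),
    Resource: attr(RESOURCE_ID, item.resource),
    Action: attr(ACTION_ID, item.action),
  } };
}

// Deny by default: Deny, NotApplicable, Indeterminate and malformed replies all hide the item.
function isPermit(pdpResponse) {
  const r = pdpResponse && pdpResponse.Response;
  const results = Array.isArray(r) ? r : r ? [r] : [];
  return results.length === 1 && results[0].Decision === "Permit";
}

// `decide` takes a request body and returns the PDP's JSON reply
// (synchronous here so the example runs offline; an HTTP call would be async).
function visibleMenu(username, decide) {
  return MENU.filter((item) => {
    try { return isPermit(decide(buildDecisionRequest(username, item))); }
    catch (_) { return false; } // PDP unreachable or bad reply: fail closed
  }).map((item) => item.id);
}

// Constructed stand-in for the PDP, mirroring the roles in the question.
const ROLE_OF = { alice: "admin", bob: "manager", carol: "user" };
const ALLOWED = { admin: ["GET", "POST", "PUT", "DELETE"], manager: ["POST", "PUT"], user: ["GET"] };
function fakePdp(body) {
  const user = body.Request.AccessSubject.Attribute[0].Value;
  const action = body.Request.Action.Attribute[0].Value;
  const role = ROLE_OF[user];
  if (!role) return { Response: [{ Decision: "NotApplicable" }] };
  return { Response: [{ Decision: ALLOWED[role].includes(action) ? "Permit" : "Deny" }] };
}
```

Filtering the menu only controls what the browser displays; the same decision has to be enforced by the backend API that serves each product operation.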