By: Guy Parker user 08 Nov 2017 at 10:17 a.m. CST

2 Responses
I don't think this is currently possible (apologies if I've missed it)... Currently there appear to be just 2 levels of access to the Gluu UI (oxTrust): Admin and User. Larger organizations would benefit from more granularity in roles/permissions or being able to restrict access to some Admin features based on the user group. For instance, an additional level of access that allows for user administration but not server administration would allow a tech support person to resolve user issues without exposing all the server configuration administration pages and the risk of potentially damaging changes.

By William Lowe staff 08 Nov 2017 at 11:13 a.m. CST

Guy,

Currently the manager and user roles are defined within the `securit.drl` file and are hard-coded into oxTrust. So updating this would require some significant work.

Of note, however, is that we are in the process of scoping a major overhaul to oxTrust where we would [expose APIs for everything](https://github.com/GluuFederation/oxTrust/issues/762). In addition to improving functionality, this would make enforcing access policies in oxTrust much more flexible. We are scoping this enhancement for Gluu Server 3.2.0, which would be available sometime in the first half of 2018.

If you want to discuss further, feel free to email me at will[at]gluu.org.

Thanks,
Will

By Guy Parker user 09 Nov 2017 at 3:36 a.m. CST

Very interesting. Looking forward to seeing that! Thanks