Is there a way to transfer/save permissions mapping for external authentication sources?

0

I have a couple of servers that do authentication via some LDAP, ActiveDirectory or something. There is a permission mapping in place between the user groups and Axon.ivy permissions. If I want to change said mapping, do I have to manually do so on each server, or is there a file/table that I can write to? Question also applies for new installations.

asked 30.03.2020 at 06:46

sorin's gravatar image

sorin
(suspended)
accept rate: 100%

2 Answers:
active answersoldestnewestmost voted
0

Mappings between groups/users defined within an Axon.ivy Project to an Active Directory CN must be defined on the Axon.ivy Engine serving the workflow app.

In then Engine Cockpit roles can be defined with an 'external security name' reference. So once roles are linked like this to the Active Directory - they are fully under control of the AD administrator.

https://dev.axonivy.com/doc/8.0/engine-guide/tool-reference/engine-cockpit/security.html#role-detail

Basically these role/user mappings live in the system database of the Axon.ivy Engine. So you have to define it on the server for once. Many other security system configurations can be defined in files: see https://dev.axonivy.com/doc/8.0/engine-guide/configuration/files/ivy-securitysystem-yaml.html#ivy-securitysystem-yaml

link

answered 01.04.2020 at 02:52

Reguel%20Wermelinger's gravatar image

Reguel Werme... ♦♦
9.4k31958
accept rate: 70%

edited 01.04.2020 at 04:39

Thank you. The only relevant information for me is "Basically these role/user mappings live in the system database of the Axon.ivy Engine." Any idea in which table?

(01.04.2020 at 10:54) sorin sorin's gravatar image
1

You mean which user is which role? -> IWA_UserRole Or which user/role has which permission? -> IWA_SecurityDescriptor

(02.04.2020 at 02:13) Lukas Lieb ♦♦ Lukas%20Lieb's gravatar image
0

Set you security system configuration: enter code here

Set an external security name in your role configuration: alt text

Synchronize role. The role should now be mapped to the security system group: alt text

link

answered 01.04.2020 at 03:10

Lukas%20Lieb's gravatar image

Lukas Lieb ♦♦
4412412
accept rate: 61%

Thank you, but that's not what I asked

(01.04.2020 at 10:52) sorin sorin's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×19

Asked: 30.03.2020 at 06:46

Seen: 1,988 times

Last updated: 02.04.2020 at 02:13

Related questions

Lazy / On-demand Synchronization of LDAP Users

How to map AD group to Ivy role?

LDAP API call cache

Failed to deserialize ch.ivyteam.ivy.security.internal.jndi.JndiUser

Change Ivy 3.9 LDAP to LDAPS not working

Local and AD Users

How to read LDAP/Active Directory/Novell Directory-attributes of a user?

Trigger LDAP/AD role mapping by API

How to migrate Active Directory connection to LDAP(S) / SSL

Fast LDAP user lookup at runtime