15.3.3.1. Procedure – Configuring authorization policies
Create an on the tab of the ZMC component. Click on , select from the combobox, and enter a name for the policy into the textbox.
Select the authorization model to use in the policy from the combobox. The following models are available:
: Authorize only users meeting a set of authorization conditions, for example, certain users, users belonging to specified groups, or any combination of conditions using the other authorization models.
: The client trying to access the service has to be authorized by one (or more) authorized clients. This model can be used to implement 4-eyes authorization solutions.
: Authorize only userpairs — single users cannot access a service, that is, only two different users (with different usernames) can access the service.
Tip NEyesAuthenticationandPairAuthenticationare useful when the controlled access to sensitive (for example, financial) data has to be ensured and audited.: Authorize only the members of the listed usergroups. This is a simplified version of the
BasicAccessListmodel.: Authorize only the listed users. This is a simplified version of the
BasicAccessListmodel.: Authorize any user but only in the set time interval. This authorization model does not require authentication.
Tip Use the
BasicAccessListauthorization model to combine user authentication with time-based authentication. For example, create a policy consisting of twoRequiredpolicies: PermitTime and PermitUser.
Configure the parameters of the selected authorization class. See Section 15.3.3.2, Authorization models of Zorp for the detailed description of the classes.
Navigate to the tab of the ZMC component, and select the service that will use the authorization policy.
In the section, select the to use from the combobox.
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu
