32. One Identity безопасность

22 января 2020 г.

11:28

Разрешения для запуска скриптов изи API

What's new in 7.1 in regards to the scripts, ist that the REST API will block the execution of script if you script does not have a program function assigned, for security reasons. The authenticated user must be entitled to use the same program function.

This is an addition to the requirements, that the authenticated user must be entitled to use the program function "Allow the starting of arbitrary scripts from the frontend" in order to execute a script in general.

Note: To keep things simple, this program function is allowed to be the Common_StartScript program function.

https://www.oneidentity.com/community/identity-manager/f/forum/21567/calling-scripts-via-application-server-restful-api-using-common_startscripts-permission-not-working

Assignment to Scripts

If a script is assigned a program function (table QBMScriptHasFeature), the user can only run this script if the necessary program function is granted to him. An error occurs if the user does not own this program function and tries to run it.

To make a script available to users using a program function

Connect the script with the program function.
1. Select the category Permissions | Program functions in the Designer.
2. Select the program function and assign the script.
  - Select View | Select table relations... in the menu and enable the table DialogScriptHasFeature. You can assign the script on the Script tab displayed in the edit view.
Assign a permissions group to the program function.

https://support.oneidentity.com/technical-documents/identity-manager/8.0.2/configuration-guide/40

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search