Add new role to configuration UI
This document is written for PhenixID Server.
The reader should have some basic knowledge about PhenixID Server.
This document describes how to add a new role to configuration UI.
Overview
A default user for the configuration UI is created during installation of PhenixID Server.
This user will by default have full access to the configuration UI.
This document will describe how to create a new role that will only have access to the tab "REPORTS".
Please make sure to have a backup copy of the configuration before adding the new settings.
Add new internal user
Log in to the configuration UI, go to the "Advanced" tab and press the pencil to the right of "Internal users".
Make a copy of the existing user (phenixid by default). So you get a new section like this example:
{
"id": "phenixid",
"password": "{enc}jy58WmoTTsOUdFnS/dpoWokvikLim2NkEaZw7XxTb68=",
"description": "Default system administrator account",
"roles": "sysadmin"
},
{
"id": "reportsuser",
"password": "{enc}CSzOeSq1nsPITZ1+QFU9VJiTJv4+4lahJfhZV/amJAI=",
"description": "User for reports",
"roles": "reporting"
}
So in the example above we have created the new user reportsuser, a password has been set for the new user and the role "reporting" has been set.
NOTE: No changes should be made to the default internal user, phenixid in the example above.
When done press Stage changes/Commit changes.
Add new user to the reporting role
This change is made in the file /config/boot.json. So please open this file in a text editor.
Locate the module for the tab "REPORTS":
{
"name": "com.phenixidentity~phenix-prism-report",
"enabled": "true",
"config": {
"display_name": "Reports",
"base_uri": "report",
"requires_role": "sysadmin"
}
}
Copy this section and paste it just below the default one. Now change the values for base_uri and requires_role. like the example below.
{
"name": "com.phenixidentity~phenix-prism-report",
"enabled": "true",
"config": {
"display_name": "Reports",
"base_uri": "report2",
"requires_role": "reporting"
}
}
Since we have made changes in boot.json a restart of the service is required.
After restart, login with the new internal user. Only the tab "REPORTS" should be visible.