UMRA – Web Based Portal Access Control Security Model at 5:49 PM

Have Questions? Email Me: Email Me Click Here

Tools4Ever’s Product Downloads Below.
Download User Management Resource Administrator > Download
Download Self Service Password Reset Manager SSRPM > Download
Download Enterprise Single Sign On Manager > Download

If you want to learn the basics on how to connect to UMRA with its COM object, please see my original post on “Basics of UMRA COM”.

UMRA – Web Based Portal Access Control Security Model

Anytime you build a UMRA based portal, or we build a UMRA based portal for our clients, one of the biggest steps in development is the creation of the Security Model, or in other words your Role Based Access Types RBAC. These security / delegated permissions can range from just one type of RBAC type to access the portal, or it can be an array of RBAC types with different Roles in the portal. For example, some of our clients might use a UMRA based portal only for Password Resets that are delegated out to Secretaries of a school or business there for, the Security Model wont need to be that large, since only one type of user is entering the portal. However, if you have Secretaries being able to change active directory passwords, and you want managers, to have the ability to update active directory attributes, you will need to have multiple types of RBAC types, since you don’t want to delegate the ability to secretaries to change users active directory attributes. Now you’re most likely asking yourself, what is the best way to go abouts setting up a Security Model for your UMRA based portal? Almost 95% of the time when I develop portals for our clients, they use Group Based Access, so if someone is in GROUP X in active directory, we will consider this type of user “Admin” for example.

So this is one way of figuring what type of a Security Model is looking at the users active directory group memberships to determine what type of user they are, or what type of RBAC type they are. As I’ve mentioned above, you can search a users groups for “Group X” if a user has this ground in there memberof attribute (the memberof attribute contains all DN’s of groups in active directory), then we can label this user as Type X user. Now if a user has multiple Groups you have designated for RBAC types, you can either display a drop down to the user upon login, for them to select what type of ROLE they want to be in when they enter the portal.

Now this is one way to setup a Security Model on your UMRA based portal. In my next blog I will talk about creating a METABASE for your figuring our your RBAC types. I hope this helps any of you out there with trying to do such a task, if you have questions feel free to ask.