Hiding tabs in Ubisecure SSO Management - Ruleset.xml example
The following examples will all show to hide tabs from specified sites in Ubisecure SSO Management. Typicaly uses are for separation on duties purposes or for simplifying the management view by removing unused features. Site managers will not be able to access the tabs. Users in System Administrator roles will be able to see all tabs. See also Ubisecure SSO Server Management Guide for ruleset.xml configuration instructions.
Step-by-step guide
To create a configuration where there are two sites "Applications" and "Evaluation Program" and under each site
- there is a users site, where only user information can be modified
- there is a groups site, where only group settings can be modified
- there is a agents site, where only agent settings can be modified
configure as below
Edit ubilogin/webapps/ubilogin/WEB-INF/ruleset.xml
ruleset.xml<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> <entry key="ou=Applications,ou=demo.ubisecure.com,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/groups site/users site/managedby </entry> <entry key="ou=Users,ou=demo.ubisecure.com,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/groups </entry> <entry key="ou=Groups,ou=demo.ubisecure.com,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Roles,ou=demo.ubisecure.com,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Users,ou=Evaluation Program,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/groups </entry> <entry key="ou=Groups,ou=Evaluation Program,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Roles,ou=Evaluation Program,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Users,ou=Ubisecure,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/groups </entry> <entry key="ou=Groups,ou=Ubisecure,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Roles,ou=Ubisecure,ou=NameOfSite,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/users </entry> <entry key="ou=Users,ou=Organization ABC,ou=Hidden Tabs,ou=IAM Demo,ou=IAM Academy,cn=Ubilogin,dc=demo,dc=ubisecure,dc=com"> site/agents site/methods site/mappings site/attributes site/managedby site/groups </entry> </properties>
Deploy changes to the SSO application server
cd ubisecure-sso/ubisecure/config config/tomcat/update.sh OR cd ubisecure-sso\ubisecure\config tomcat\update.sh
- During future system upgrades, remember to copy the ruleset.xml from the ubisecure-old directory.
Remember, a superuser account will see all tabs.
Related articles