AnsweredAssumed Answered

Need an authorization mechanism for policies invocable by IIP users, which can be migrated/setup using gmu

Question asked by PuneetKhurana83 on Jul 3, 2017
Latest reply on Aug 3, 2017 by Stephen_Hughes

We have some policies for which authorization is based on 'groups' defined in IIP. Now, we are looking to automate the process of setting up these policies and all associated resources in a new gateway instance using GMU (and restman). But though we are able to migrate users, restman does not seem to provide any option to create a group or to associate users with a group.
Due to this limitation, we also looked at using 'roles' to authorize users instead of 'groups'. But it seems the roles functionality is only for defining administrative permissions and cannot be used for authentication/authorization inside policies.
Can anyone please suggest if there are any options to manage IIP 'groups' in an automated manner via some API (Restman or any other) or to use 'roles' to define authentication/authorization within policies?