RobWanders1
Fluorite | Level 6

Hi,

 

I have made some rules on Viya that allow members of a self-made User Admin group (UG_UserAdmin_<group1>) to manage another usergroup (UG_<group1>). 

| Object URI | Principal | Setting | Permissions | Description |
|---|---|---|---|---|
| /identities/groups/UG_<group1>/userMembers/* | UG_UserAdmin_<group1> | Grant | Create, Update, Delete | UG_UserAdmin_<group1> can add or remove members of the UG_<group1> group |
| /identities/groups/UG_<group1> | UG_UserAdmin_<group1> | Grant | Read | UG_UserAdmin_<group1> can see the UG_<group1> group |

 

We have sets of rules like this for many different User Groups & corresponding User Admin Groups. This works as intended, but I would like to create a Global User Admin Group that can administer all User groups. I know I can make this Global User Admin Group a member of all individual User Admin Groups, but in some cases a User group does not have a User Administrator group, and I still want the Global User Admin Group to be able to administer this group. Allowing the Global User Admin Group to administer ALL groups would not be an option either, because the Global User Admin Group should only be allowed to administer a selection of the groups.

Is it possible to create a rule that is applied to Object URIs following a certain naming convention? For example, I would like to apply a rule to every Object URI containing a certain substring ("/identities/groups/UG_" in this example).

1 ACCEPTED SOLUTION

gwootton
SAS Super FREQ
I don't think you can add a wildcard next to a prefix in the Object URI.
I would try using the Object URIs /identities/groups/*/userMembers/* and /identities/groups/*, then add a condition on the request URI containing UG_. For example something like:
requestUri().contains('/identities/groups/UG_')
--
Greg Wootton | Principal Systems Technical Support Engineer

RobWanders1
Fluorite | Level 6

Thanks for your reply! Your solution didn't quite work, but in the documentation about rule conditions here I found this table:

| Function | Description | Type |
|---|---|---|
| contentType() | Content type of the target (for example, application/vnd.sas.credential.domain+json). | String |
| contentLength() | Length of the request. | long |
| uri() | URI of the target. | String |

And it seems like I need to use uri() in my condition instead of requestUri(). I modified the rule to uri().contains('/identities/groups/UG_') and it works now.
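
The sketch below is an added example, not part of the thread and not SAS code: it models the working rule (the two wildcard object URIs plus the `uri().contains('/identities/groups/UG_')` condition) and reports which group ids it covers. It assumes `*` matches exactly one path segment; the group ids are constructed and `UG_GlobalUserAdmin` is a hypothetical name. It shows that the `UG_UserAdmin_<group1>` groups share the `UG_` prefix and so fall under the same rule.

```python
import re

# Model of the rule from the thread. Assumptions: '*' in an object URI matches
# exactly one path segment, and the condition is a plain substring test.
OBJECT_URIS = ["/identities/groups/*", "/identities/groups/*/userMembers/*"]
CONDITION_SUBSTRING = "/identities/groups/UG_"  # uri().contains(...) in the thread


def _to_regex(pattern):
    """Turn an object URI pattern into an anchored regex, segment by segment."""
    parts = ["[^/]+" if seg == "*" else re.escape(seg) for seg in pattern.split("/")]
    return re.compile("^" + "/".join(parts) + "$")


_PATTERNS = [_to_regex(p) for p in OBJECT_URIS]


def rule_applies(uri):
    """True when the URI matches an object URI pattern and meets the condition."""
    return any(rx.match(uri) for rx in _PATTERNS) and CONDITION_SUBSTRING in uri


def audit(group_ids, admin_marker="UserAdmin"):
    """Classify group ids by whether the rule lets the principal edit members."""
    report = {"covered": [], "covered_admin_groups": [], "not_covered": []}
    for gid in group_ids:
        member_uri = f"/identities/groups/{gid}/userMembers/some.user"  # constructed
        if not rule_applies(member_uri):
            report["not_covered"].append(gid)
        elif admin_marker in gid:
            report["covered_admin_groups"].append(gid)
        else:
            report["covered"].append(gid)
    return report


# Constructed group ids; UG_GlobalUserAdmin is a hypothetical name for the
# global admin group, the others follow the naming used in the thread.
SAMPLE_GROUPS = ["UG_Finance", "UG_UserAdmin_Finance", "UG_GlobalUserAdmin",
                 "SASAdministrators", "Finance_UG_Legacy"]

if __name__ == "__main__":
    for bucket, ids in audit(SAMPLE_GROUPS).items():
        print(f"{bucket}: {ids}")
```

Any id listed under `covered_admin_groups` is a group whose membership the global admin principal could change under this rule, which is worth checking against the intended selection of groups.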