Authorizations rules

In this article, we will see how to define a Rule to assign an authorization to a user coming from an LDAP source automatically.

Reminder

A Rule is the combination of Criteria and Actions, actions will be triggered if the criteria are met.
A rule is defined by its logical operator: AND or OR.
- AND = All criteria must be met
- OR = One of the criteria must be met
The rules engine for entitlements runs ALL rules. So pay attention to their consistency / order.

To define a rule, go to the menu Administration > Rules> Rules for assigning authorizations to a user.
Add a new rule by clicking on add

Criteria

It is necessary to define one or more criteria. In our case we have to tap on the LDAP criteria.

GLPI allows you to select multiple LDAP attributes, for example:

Once your criteria has been selected, you must define how GLPI should take this criteria into account by defining an operator, for example:

Let´s take a specific case. I want to establish a rule for my users who are members of a group containing the term SECURITY in the name.

Reminder:

An authorization is the combination of the following three concepts:

Example :

User

Profile

Entity

John

technicien

Infrastructure

Transformed into an enabling rule:

Our criteria being defined, we can now create at least two actions necessary to affect a profile and an entity.

GLPI also allows you to influence on other objects or user status, for example:

At this step our rule is functional.

Users with SECURITY in their MemberOf attribute will be Technician in the Infrastructure entity.

To know

The rule will be applied when users log in or at each LDAP synchronization with GLPI.

Last updated 2 months ago

Was this helpful?