Authorization and policy's

Hey all,

okey, I have looked at the documentation,and I really cant figure out how to lock down dashboard for users that are NOT member of a given group. (Kind of missing an AuthorizedRole on the "New-UDDashboard to control this.)

yeah I got it working for Pages and the adminmode, but how do I disallow globally if users are NOT in an AuthorizedRole ?
also new-UDEndpoint dont have AuthorizedRole parameter, do I need to handle that by using the Get-UDAuthorizationPolicy ?

also are every Endpoint protected if they are under the New-UDPage with an AuthorizedRole ?

I guess this is mostly questions for @adam :smiley:

(Kind of missing an AuthorizedRole on the "New-UDDashboard to control this.)

Good point. Hadn’t really thought about globally disabling a user. Before all the other authentication methods popped into UD, you would have just done that in the script block that’s executed for logging in. With stuff like OpenID Connect, you don’t have this so there isn’t a good way to globally disable someone from accessing the dashboard.

yeah I got it working for Pages and the adminmode, but how do I disallow globally if users are NOT in an AuthorizedRole ?

This is really all you can do right now.

also new-UDEndpoint dont have AuthorizedRole parameter, do I need to handle that by using the Get-UDAuthorizationPolicy ?

New-UDEndpoint should have a AuthorizedRole added. That’s a miss on my page.

also are every Endpoint protected if they are under the New-UDPage with an AuthorizedRole ?

Endpoints are protected under a page that has an authorized role. They will receive the same policy and role protection as the page itself.

Thanks for getting back to me on this.

Should I create some Github feature request or something ? :slight_smile:

I could control it from the ADFS, but that part is out of my hands, and it’s controlled by another team, I really wanted to be able to control it in the dashboard :slight_smile:

Yep. Please open a GitHub issue for this. It shouldn’t be too bad to implement a global policy for the dashboard.

should I also make one for new-udendpoint?

Ah, yeah. That too. Thanks!!

any timeframe on implementing? :smiley:

This probably won’t make it into this month’s release (which should be out along with UA next week). It will make it into next month’s release but will likely be in a nightly build sooner than that.