ForgeRock Controller
Identity Management
Authorisation Requirements (access.js)
To access all managed APIs via REST, ensure that your access.js file, located at PROJECT_HOME/script/access.js, contains the following permissions. Note that it is entirely up to the end user to lock down and restrict access to APIs based on customer requirements. The rules below are only a guide, so set your permissions according to your own security requirements. For further details, see [backstage.forgerock.com/docs/idm/6.5/integrators-guide/#access-js Understanding the Access Configuration Script (access.js)].
// Anyone can read from these endpoints
{
  "pattern" : "info/*",
  "roles" : "*",
  "methods" : "read",
  "actions" : "*"
},
{
  "pattern" : "health/*",
  "roles" : "*",
  "methods" : "read",
  "actions" : "*"
},
// additional rules for openidm-admin that selectively enable certain parts of system
{
  "pattern" : "maintenance",
  // "*" lets every role invoke actions on this endpoint; the commented-out
  // lines are narrower alternatives
  // "roles" : "internal/role/openidm-authorized",
  // "roles" : "internal/role/openidm-admin",
  "roles" : "*",
  "methods" : "action",
  "actions" : "*"
},
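The following Node.js check is an added example, not part of ForgeRock's access.js or of this page's original configuration. It walks a list of access rules and reports those where wildcard roles are combined with methods other than reads. The sample CONFIGS array is constructed from the three rules listed above, the function names auditRules and splitList are hypothetical, and treating only "read" and "query" as read-only is an assumption of this check.

```javascript
// Added example (not ForgeRock code): flag access.js rules that pair
// wildcard roles with methods other than plain reads.
// CONFIGS is constructed sample input copied from the three rules on this page.
const CONFIGS = [
  { pattern: "info/*",      roles: "*", methods: "read",   actions: "*" },
  { pattern: "health/*",    roles: "*", methods: "read",   actions: "*" },
  { pattern: "maintenance", roles: "*", methods: "action", actions: "*" },
];

// Assumption of this check: only these methods count as read-only.
const READ_ONLY = new Set(["read", "query"]);

// access.js stores roles, methods and actions as comma-separated strings.
function splitList(value) {
  return String(value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Returns one finding per rule where any role ("*") may use a
// state-changing or action method.
function auditRules(configs) {
  const findings = [];
  for (const rule of configs) {
    if (!splitList(rule.roles).includes("*")) continue; // roles already restricted
    const methods = splitList(rule.methods);
    const risky = methods.includes("*")
      ? ["*"]
      : methods.filter((m) => !READ_ONLY.has(m));
    if (risky.length === 0) continue; // wildcard roles, read-only methods
    findings.push({
      pattern: rule.pattern,
      methods: risky,
      wildcardActions: splitList(rule.actions).includes("*"),
      customAuthz: rule.customAuthz || null, // extra condition, if the rule has one
    });
  }
  return findings;
}

for (const f of auditRules(CONFIGS)) {
  console.log(
    `REVIEW ${f.pattern}: roles "*" may use [${f.methods.join(",")}]` +
      (f.wildcardActions ? " with any action" : "") +
      (f.customAuthz ? ` (customAuthz: ${f.customAuthz})` : " (no customAuthz)")
  );
}
```

To audit a real deployment, replace CONFIGS with the rule list from your own access.js.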