Shape the future of IBM Security Verify
We invite you to shape the future of IBM, including the product roadmap, by submitting ideas that matter to you the most.
Here's how it works:
Post your ideas
Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,
Post an idea
Upvote ideas that matter most to you
Get feedback from the IBM team to refine your idea
Submit a private idea
If you have confidential information or customer data to share with your idea, then - DO NOT submit using the link below, instead - please open a private feature request.
And finally - if its an issue with expected behaviour, a product defect or a support need, open a Support Case
Hi
On the error page with this code CSIAQ0279E, you have no authorization, we would like to have more data, for example the entitelment or what you have.
By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.
Hi,
We're not comfortable putting essentially unsolicited user profile information into a error page, please work with Jose to identify an alternative mechanism to resolve this problem. This might include Access Policy redirection to a specific page if an error condition is met.
Regards,
Philip
We are thinking about the situation where access is blocked by
entitlement.
If we could add a macro to that error page, with the entitlements that the
logged user have, we could use that information with javascript to
customize the error message.
The entitlements for us are based on the relationship of a user with our
organization. This information is confidential. will send you an email with
more details.
Regards
*Marcelo Oks*
Seguridad de la Informaci��n
Direcci��n de Procesos y Sistemas
----------------------------------------------------------------------------------------
OSDE - Filial Metropolitana
Av. Caseros 3233 - Piso 2 - (C1263AAB)
Ciudad Aut��noma de Buenos Aires
Tel: +54 (11) 2033-0139 Interno: 660139 Cel: +54 9 (11) 3684-7514
E-Mail: marcelo.oks@osde.com.ar
www.osde.com.ar
Hi,
If the access is blocked by Access Policy, then there are some mechanisms to determine the rule that blocked the access in the 'forbidden/error' page.
If the access is blocked by entitlement, I'm not sure there is an appropriatly deterministic mechanism to display dynamic error text that could guide a user to resolve it.
Usually there would be two steps to resolve:
- An admin would be required to grant access
- A user would 'request access' via the request access mechanism.
And you'd have to adjust your error text to give the appropriate guidance for your setup.
Regards,
Philip
Hi Philips
For example, if we had the available information, we could say, you do not belong to group X but you belong to group Y, maybe you are not accessing the application you have access to.
Thanks
Hi PHILIP
On each theme we have, we are using different entitlements to allow access. So if someone can't access, it may be for different reasons, and that depends on the roles the user has or hasn't. We would like to show different messages depending on the roles the user has, which would allow a more clear explanation of why they can't access. And also offer other accesses for that user.
Thanks
Hi,
Seeking more detail, what sort of information would you expect to be available?
The definition of an entitlement can be a bit ambigious, and an end user is unlikely to have any manipulation options to a group membership etc.
Can you share some examples of what you would consider a more useful message?
Thanks