Listings

Listings are groupings of resources presented to end users in the access catalog. Listings are the primary way that users see, understand, and request access in Oblique.

Learn more about listings Learn more about listings.

Roles and role mapping

Listings contain one or more roles, and each role maps to any number of resources.

Listings and roles help you organize and make sense of access. When a user requests and is granted a role, they are automatically granted access to all resources mapped to that role. Role mappings let you present access in terms that make sense to end users. For example, a role for a SCIM-enabled Okta app might map to both an Okta group for SSO provisioning and a separate Okta group for group push for an in-app role — but the end user just sees and requests a single role. The underlying resources are hidden from the end user by design.

Roles are ordered within a listing. This is to help Admins both organize listings and guide end users as to the appropriate roles to use. For example, ordering roles from least to most privileged helps users understand the impact of their request and dissuades over-requesting permissions. In many situations, roles won’t be strictly hierarchical, for example, a Billing Admin role may have no overlapping permissions with a Configuration Admin role.

Because roles don’t always expand on one another, a user can hold multiple roles for the same listing. For example, a user with a Viewer role for a listing can request an Editor role for the same listing.

Supported resources

Resources must be in push mode to be mapped to a listing.

Only some kinds of resources can be mapped to a listing:

• Okta groups
• Google groups

Listing visibility

Listings can be in one of two visibility states:

• Public: the listing is fully set up and actively using Oblique to manage access. The listing is visible throughout Oblique: in the access catalog, user, group and teams profiles, and access history. Users can request access to the listing.
• Unlisted: the listing is being drafted or deprecated. The listing is hidden from the access catalog, but access changes still appear to end users in access history and requests. Only Admins can request access to the listing.

Caution

An unlisted listing is not private — its existence can still be discovered by end users, such as seeing changes to their own access in the access changes timeline on their profile.

To make a listing visible, you publish it. Changing the visibility of a listing does not change the access tied to that listing — listings are a user-facing representation of entitlements, not the entitlements themselves. Publishing a listing doesn’t create entitlements, and unpublishing doesn’t revoke entitlements.

Create a listing

You must be an Admin to create a listing.

You can create an entitlement from the Access page:

1. Select Add listing.
2. Under Display name, enter the name of the listing. For example, this could be the application name.
3. Under Description, enter a description of the listing. Help users find the correct listing by describing what it should be used for, for example, what kind of application it is.
4. Optionally, under Visibility, change the selected visibility.
5. In the Roles section, select Add role.
6. For each role, enter a Display name and Description for the role. For example, this could be the specific role in an application, e.g., “Editor”, and what this role should be used for, e.g., “To create new folders”.
7. For each role, select Add resource, and select one or more resources that are mapped to that role.
8. Select Save.
9. Repeat steps 5-8 to add additional roles as needed.
10. Select Create listing.

A listing will not be requestable by end users unless its visibility is public and it has at least one role.

Edit a listing

You can edit a listing’s name and description; visibility; roles, role mappings, and role names and descriptions; and owners.

To edit role assignments for a listing, see Grant access.

Edit listing name or description

You must be an Admin or listing owner to edit a listing's name or description.

To edit a listing’s name, from the listing detail page:

1. Select Manage listing.
2. Under Display name, edit the name.
3. Select Save.

To edit a listing’s description, from the listing detail page:

1. Select Manage listing.
2. Under Description, edit the description.
3. Select Save.

Edit a listing’s visibility

You must be an Admin or listing owner to edit a listing's visibility.

To edit a listing’s visibility, from the listing detail page:

1. Select Manage listing.
2. Under Visibility, select the new visibility. Select Public to publish the listing in the app catalog, and Unlisted to unpublish it from the app catalog.

The visibility change is saved and automatically applied.

Edit listing role mappings

You must be an Admin to edit a listing's role mappings.

Change resources mapped to a role

To change the resources mapped to existing roles, from the listing detail page:

1. Select Manage listing.
2. In the Roles section, find the role row, and select Edit.
3. Under Resources, select Edit resources.
4. Select or unselect the desired resources, then click out of the resources list.
5. Select Save.

Add a new role to a listing

To add a new role to a listing, from the listing detail page:

1. Select Manage listing.
2. In the Roles section, select Add role.
3. Enter a Display name and Description for the role. For example, this could be the specific role in an application, e.g., “Editor”, and what this role should be used for, e.g., “To create new folders”.
4. Select Add resource, and select one or more resources that are mapped to that role.
5. Select Save.

The new role is added.

Remove a role from a listing

To remove an existing role from listing, from the listing detail page:

1. Select Manage listing.
2. In the Roles section, find the role row, and select Remove.
3. Select Delete role.

The role is deleted.

Edit listing role name or description

You must be an Admin or listing owner to edit a listing's roles' names or descriptions.

To edit a role’s name or description, from the listing detail page:

1. Select Manage listing.
2. In the Roles section, find the role row, and select Edit.
3. Under Display name, edit the name.
4. Under Description, edit the description.
5. Select Save.

Edit listing owners

You must be an Admin or listing owner to edit a listing's owners.

To edit a listing’s owners, from the listing detail page:

1. In the Owners section, select Edit.
2. To add an owner, search for and select the users or groups you wish to add as owners. To remove an owner, find the line for the owner you wish to remove, and select Remove.
3. Select Save.

Delete a listing

You must be an Admin or listing owner to delete a listing.

To delete a listing, from the listing detail page:

1. Select Manage listing.
2. At the very bottom, select Delete listing….
3. Select Delete listing.

The listing is deleted.

Deleting a listing will not change who has access to the associated resources; it will just remove the listing as a unit of organization in Oblique. To only remove the listing from the access catalog, consider unpublishing the listing instead.