Managing Access
The Access Control in OpenIAM is a central service allowing the user to:
- Determine the accounts and the entitlements that each user should have in application. When combined with the business rules engine, it can also be used to determine birthright access.
- Control what can users do within the OpenIAM interface - which modules can person access, which fields are visible, and which ones are hidden, etc.
- Control what applications a user can SSO to.
- Provide an API that can be used to provide authorization services to another application.
Like the Authentication service, the Access Control
service (aka Authorization Manager
) is an essential platform service.
This section describes:
- How the authorization manager works
- How can user define new access control objects
- How can user extend created model to map to their applications.
Detailed information on the Access Control service functions are described in following sections:
- Overview of the OpenIAM Access Control model
- Access rights
- Managing roles
- Managing groups
- Custom entitlement types
- Configure approval workflows
- Importing entitlements
- Managing resources
- Managing organizations
- Managing access within OpenIAM using menus
- Enabling access to SSO applications
- Configuring the content provider