Designing access roles
This section helps you define roles that limit what users can do in OpenIAM. The two sections below cover the SelfService and webconsole portals separately.
Define what a person can do in OpenIAM
SelfService portal access
The self-service portal offers a broad range of functionality. You may not want to expose all functionality to all people. To manage this, you should consider defining a roles matrix using the table below.
OpenIAM Menu Option | End User Role | Role 2 | Role 3 |
---|---|---|---|
My Info | |||
My Applications | |||
Request approval | |||
- My approvals | |||
- Request history | |||
- Request administration | |||
Access Management | |||
- Manage user | |||
- Access profiles | |||
- New user | |||
- New user - no approver | |||
- Bulk upload | |||
Self-service center | |||
- Change password | |||
- Change password extended | |||
- Challenge response | |||
- Directory lookup | |||
- My Devices | |||
- My Sessions | |||
- Edit your profile | |||
User Access | |||
- View My Access | |||
- View Direct Reports | |||
Admin portal access
The admin portal should be used by a limited set of people. As with the Self-service portal, access is role-based. It's possible to define limited-access roles for helpdesk, user admin, etc. By default, the Super Security Admin role has access to all features.
OpenIAM Menu Option | End User Role | Role 2 | Role 3 |
---|---|---|---|
User Admin | |||
- User search | |||
- Create new user | |||
- Orphan management | |||
Access Control | |||
- Content provider | |||
- Resource type | |||
- Access certification | |||
- Organization types | |||
- Group | |||
- Authentication providers | |||
- Role | |||
- Organization | |||
- Resource | |||
- Access rights | |||
- Business rules | |||
- Menus | |||
- OTP Providers | |||
Provisioning | |||
- Synchronization | |||
- Connectors | |||
- Managed system | |||
- Source adapter configuration | |||
Policy | |||
- Password policy | |||
- Authentication policy | |||
- Authentication rule | |||
Report | |||
Administration | |||
- Configure IT Policy | |||
- Metadata types | |||
- UI Themes | |||
- Languages | |||
- Custom fields | |||
- System configuration | |||
- Batch tasks | |||
- Log viewer | |||
- Page template | |||
- Sequence generators | |||
- Groovy manager | |||
- Directory lookup configuration | |||
- Self-registration configuration | |||
- About OpenIAM | |||
- Challenge response questions | |||
- Reconciliation history | |||
- GEO Location DB | |||
- Reindex Elastic search | |||
- RESTFul API Documentation | |||
- Kibana Dashboard | |||
- RabbitMQ Admin | |||
- Mail template Editor | |||