Managing resources
In OpenIAM, Resources serve as entitlements, similar to Roles and Groups. They define access to various system components and are an integral part of access control.
Types of resources
The following types of resources are relevant in OpenIAM:
- Managed System
- Manual Managed System
- Authentication Provider
Unlike Groups and Roles, these resource types are not manually created through Access Control > Resources > Create New Resource. Instead, OpenIAM automatically generates them when creating corresponding objects, such as an Authentication Provider, Managed System, or Manual Managed System.
Resource entitlements
While it is technically possible to assign a resource directly to a user in the User Entitlements > Resources section, this practice is discouraged. OpenIAM follows the Role-Based Access Control (RBAC) model, and direct entitlements should be avoided whenever possible.
That said, the User Entitlements > Resources section provides visibility into the resources a user is entitled to.
Resource ownership and administration
The Resource Editing template includes two important fields:
- Resource Owner – A user or group responsible for owning the resource.
- Resource Admin – A user or group responsible for administering the resource.
These fields are crucial in defining request and approval workflows in SelfService.
For a user to request access to a resource via SelfService, an approver association must be configured to establish the appropriate workflow. More details on this process can be found in the Requests tutorial.