Designing access roles
This section helps you define roles that limit what users can do in OpenIAM. The two subsections below break this up by Self-service portal and Admin portal.
Define what a person can do in OpenIAM
Self-service portal access
The self-service portal offers a broad range of functionality, and you may not want to expose all of it to all people. To manage this, consider defining a roles matrix using the table below: list the roles across the top and mark, for each menu option, which roles should be granted it.
| OpenIAM Menu Option | End User Role | Role 2 | Role 3 |
|---|---|---|---|
| My Info | |||
| My Applications | |||
| Request approval | |||
| - My approvals | |||
| - Request history | |||
| - Request administration | |||
| Access Management | |||
| - Manage user | |||
| - Access profiles | |||
| - New user | |||
| - New user - no approver | |||
| - Bulk upload | |||
| Self-service center | |||
| - Change password | |||
| - Change password extended | |||
| - Challenge response | |||
| - Directory lookup | |||
| - My Devices | |||
| - My Sessions | |||
| - Edit your profile | |||
| User Access | |||
| - View My Access | |||
| - View Direct Reports | |||
Admin portal access
The admin portal should be used by a limited set of people. Like the Self-service portal, access is role based. It's possible to define limited-access roles for helpdesk, user administration, etc. By default, the Super Security Admin role has access to all features, so any additional admin role should be granted only the options it needs.
| OpenIAM Menu Option | End User Role | Role 2 | Role 3 |
|---|---|---|---|
| User Admin | |||
| - User search | |||
| - Create new user | |||
| - Orphan management | |||
| Access Control | |||
| - Content provider | |||
| - Resource type | |||
| - Access certification | |||
| - Organization types | |||
| - Group | |||
| - Authentication providers | |||
| - Role | |||
| - Organization | |||
| - Resource | |||
| - Access rights | |||
| - Business rules | |||
| - Menus | |||
| - OTP Providers | |||
| Provisioning | |||
| - Synchronization | |||
| - Connectors | |||
| - Managed system | |||
| - Source adapter configuration | |||
| Policy | |||
| - Password policy | |||
| - Authentication policy | |||
| - Authentication rule | |||
| Report | |||
| Administration | |||
| - Configure IT Policy | |||
| - Metadata types | |||
| - UI Themes | |||
| - Languages | |||
| - Custom fields | |||
| - System configuration | |||
| - Batch tasks | |||
| - Log viewer | |||
| - Page template | |||
| - Sequence generators | |||
| - Groovy manager | |||
| - Directory lookup configuration | |||
| - Self-registration configuration | |||
| - About OpenIAM | |||
| - Challenge response questions | |||
| - Reconciliation history | |||
| - GEO Location DB | |||
| - Reindex Elasticsearch | |||
| - RESTful API Documentation | |||
| - Kibana Dashboard | |||
| - RabbitMQ Admin | |||
| - Mail template Editor | |||
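Once both matrices are filled in, it is worth checking them before the roles are created in OpenIAM. The script below is an added example, not OpenIAM code: it reads a matrix in the same Markdown layout as the two tables above and reports each role's entitlements, leaf options that nobody holds, roles that hold both halves of a conflicting pair (for example creating users with no approver while also administering requests), and admin-portal options exposed to roles that should not be there. The role names, the `X` marks, the separation-of-duties pairs and the set of "restricted to super admin" options are constructed assumptions for illustration; substitute your own.

```python
"""Sanity-check an OpenIAM roles matrix (added example, not OpenIAM code)."""

# Constructed sample: a filled-in slice of the self-service matrix above.
SELF_SERVICE_MATRIX = """
| OpenIAM Menu Option | End User Role | Helpdesk Role | User Admin Role |
|---|---|---|---|
| My Info | X | X | X |
| Request approval | | | |
| - My approvals | X | | X |
| - Request administration | | | X |
| Access Management | | | |
| - Manage user | | X | X |
| - New user | | | X |
| - New user - no approver | | | X |
| - Bulk upload | | | |
| Self-service center | | | |
| - Change password | X | X | X |
| - Directory lookup | X | X | X |
"""

# Constructed sample: a slice of the admin-portal matrix above.
ADMIN_MATRIX = """
| OpenIAM Menu Option | End User Role | Helpdesk Role | Super Security Admin |
|---|---|---|---|
| User Admin | | | |
| - User search | X | X | X |
| - Create new user | | | X |
| Administration | | | |
| - Groovy manager | | X | X |
| - System configuration | | | X |
"""

# Hypothetical separation-of-duties rules: one role should not hold both halves.
SOD_CONFLICTS = [
    ("New user - no approver", "Request administration"),
    ("New user - no approver", "My approvers".replace("approvers", "approvals")),
]
# Assumed policy: only these roles may appear in the admin portal, and the
# options below are reserved to the super admin role.
ADMIN_ROLES = {"Helpdesk Role", "Super Security Admin"}
RESTRICTED_ADMIN_OPTIONS = {"Groovy manager", "System configuration"}


def parse_matrix(text):
    """Return (roles, rows); each row is (option, is_sub_item, set_of_roles_marked)."""
    roles, rows = [], []
    for line in text.strip().splitlines():
        if not line.startswith("|") or set(line) <= set("|- "):
            continue  # skip non-table lines and the |---| separator row
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "OpenIAM Menu Option":
            roles = cells[1:]
            continue
        is_sub = cells[0].startswith("-")
        option = cells[0].lstrip("- ").strip()
        granted = {r for r, mark in zip(roles, cells[1:]) if mark}
        rows.append((option, is_sub, granted))
    return roles, rows


def entitlements(rows):
    """Map each role to the options it holds, for review with the business owner."""
    per_role = {}
    for option, _, granted in rows:
        for role in granted:
            per_role.setdefault(role, set()).add(option)
    return per_role


def unassigned_options(rows):
    """Leaf options nobody holds: either unused functionality or a gap in the matrix."""
    return [o for i, (o, is_sub, g) in enumerate(rows)
            if not g and (is_sub or i + 1 >= len(rows) or not rows[i + 1][1])]


def sod_violations(rows, conflicts=SOD_CONFLICTS):
    """(role, option_a, option_b) for every role holding both halves of a conflict."""
    holders = {o: g for o, _, g in rows}
    return [(role, a, b) for a, b in conflicts
            for role in sorted(holders.get(a, set()) & holders.get(b, set()))]


def admin_exposure(rows, allowed_roles=ADMIN_ROLES, restricted=RESTRICTED_ADMIN_OPTIONS,
                   super_role="Super Security Admin"):
    """Admin-portal grants to non-admin roles, or restricted options granted below super admin."""
    findings = []
    for option, _, granted in rows:
        for role in sorted(granted):
            if role not in allowed_roles:
                findings.append((role, option, "not an admin-portal role"))
            elif option in restricted and role != super_role:
                findings.append((role, option, "restricted to super admin"))
    return findings


if __name__ == "__main__":
    _, ss = parse_matrix(SELF_SERVICE_MATRIX)
    for role, opts in sorted(entitlements(ss).items()):
        print(f"{role}: {sorted(opts)}")
    print("unassigned:", unassigned_options(ss))
    print("SoD violations:", sod_violations(ss))
    _, adm = parse_matrix(ADMIN_MATRIX)
    print("admin exposure:", admin_exposure(adm))
```

Run it against the real matrices by pasting the completed tables into the two strings (or reading them from a file); the separator row and group headers such as "Access Management" are handled, so the page's layout can be used as-is.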