Designing access roles

This section helps you define roles that limit what users can do in OpenIAM. The two sections below break this down by the Self-service and Admin portals.

Define what a person can do in OpenIAM

Self-service portal access

The self-service portal offers a broad range of functionality. You may not want to expose all functionality to all people. To manage this, you should consider defining a roles matrix using the table below.

OpenIAM Menu Option | End User Role | Role 2 | Role 3
My Info
My Applications
Request approval
- My approvals
- Request history
- Request administration
Access Management
- Manage user
- Access profiles
- New user
- New user - no approver
- Bulk upload
Self-service center
- Change password
- Change password extended
- Challenge response
- Directory lookup
- My Devices
- My Sessions
- Edit your profile
User Access
- View My Access
- View Direct Reports

Admin portal access

The admin portal should be used by a limited set of people. Like the Self-service portal, access is role based. It's possible to define limited access roles for helpdesk, user admin, etc. By default, the Super Security Admin role has access to all features.

OpenIAM Menu Option | End User Role | Role 2 | Role 3
User Admin
- User search
- Create new user
- Orphan management
Access Control
- Content provider
- Resource type
- Access certification
- Organization types
- Group
- Authentication providers
- Role
- Organization
- Resource
- Access rights
- Business rules
- Menus
- OTP Providers
Provisioning
- Synchronization
- Connectors
- Managed system
- Source adapter configuration
Policy
- Password policy
- Authentication policy
- Authentication rule
Report
Administration
- Configure IT Policy
- Metadata types
- UI Themes
- Languages
- Custom fields
- System configuration
- Batch tasks
- Log viewer
- Page template
- Sequence generators
- Groovy manager
- Directory lookup configuration
- Self-registration configuration
- About OpenIAM
- Challenge response questions
- Reconciliation history
- GEO Location DB
- Reindex Elastic search
- RESTFul API Documentation
- Kibana Dashboard
- RabbitMQ Admin
- Mail template Editor