Managing Access

Access Control in OpenIAM is a central service that allows the user to:

  • Determine the accounts and the entitlements that each user should have in an application. When combined with the business rules engine, it can also be used to determine birthright access.
  • Control what users can do within the OpenIAM interface - which modules a person can access, which fields are visible, which ones are hidden, etc.
  • Control what applications a user can SSO to.
  • Provide an API that can be used to provide authorization services to another application.

Like the Authentication service, the Access Control service (aka Authorization Manager) is an essential platform service.

This section describes:

  • How the authorization manager works
  • How users can define new access control objects
  • How users can extend the created model to map to their applications

Detailed information on the Access Control service functions is provided in the following sections: