Birthright Access

Birthright rules determine access that should be automatically granted if certain conditions are true. Is is usually done by setting up a certain business rule, so that a user that has a certain job title would automatically be assigned roles specific to that job function. Setting business rules can be done in business rules engine of OpenIAM.

Use the matrix and examples below to define these rules

Rule NameInclusion criteriaAccessExclusion criteria
Criteria that determines when a person should get the defined access.Entitlements in that a person should get when the inclusion criteria are true.Criteria that prevents a user from getting the defined birthright access.

Example: Accounts payable role

Rule NameInclusion criteriaAccessExclusion criteria
Account payableDepartment="Finance" and Title="Account payable agent"AD Group=Account Payable, AD Group=Finance, Shared folder= /some path/finance team, MyERP application Access = Payables agent roleRole=Invoice approval

A specific information on how to define birthright and set business rules are given in Birthright section of Administration Guide.