Birthright Access
Birthright rules determine access that should be automatically granted if certain conditions are true. This is usually done by setting up a business rule, so that a user who has a certain job title is automatically assigned the roles specific to that job function. Business rules can be set in the business rules engine of OpenIAM.
Use the matrix and examples below to define these rules:
Rule Name | Inclusion criteria | Access | Exclusion criteria |
---|---|---|---|
| | Criteria that determine when a person should get the defined access. | Entitlements that a person should get when the inclusion criteria are true. | Criteria that prevent a user from getting the defined birthright access. |
Example: Accounts payable role
Rule Name | Inclusion criteria | Access | Exclusion criteria |
---|---|---|---|
Account payable | Department="Finance" and Title="Account payable agent" | AD Group=Account Payable, AD Group=Finance, Shared folder= /some path/finance team, MyERP application Access = Payables agent role | Role=Invoice approval |
Specific information on how to define birthright and set business rules is given in the Birthright section of the Administration Guide.
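
The Account payable rule from the example table, evaluated against three constructed identities to show that the exclusion criteria override a matching inclusion. This is an added Python illustration, not OpenIAM's business rules engine or its API; `BirthrightRule`, `evaluate` and the sample users are hypothetical, and treating a missing attribute as a non-match is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BirthrightRule:
    name: str
    inclusion: dict             # attribute -> required value, combined with AND
    access: tuple               # entitlements granted when the rule applies
    excluded_roles: frozenset   # holding any of these roles blocks the grant

# The "Account payable" row of the example table, values copied as written.
ACCOUNT_PAYABLE = BirthrightRule(
    name="Account payable",
    inclusion={"Department": "Finance", "Title": "Account payable agent"},
    access=("AD Group=Account Payable", "AD Group=Finance",
            "Shared folder= /some path/finance team",
            "MyERP application Access = Payables agent role"),
    excluded_roles=frozenset({"Invoice approval"}),
)

def evaluate(rule, user):
    """Return (entitlements, reason) for one user; fails closed."""
    attrs = user.get("attributes", {})
    for key, wanted in rule.inclusion.items():
        if attrs.get(key) != wanted:        # assumption: missing attribute never matches
            return (), f"inclusion not met: {key}"
    blocked = sorted(rule.excluded_roles & set(user.get("roles", ())))
    if blocked:                             # exclusion overrides inclusion
        return (), f"excluded by role: {blocked[0]}"
    return rule.access, "granted"

# Constructed sample identities (not real accounts).
USERS = {
    "agent": {"attributes": {"Department": "Finance", "Title": "Account payable agent"},
              "roles": []},
    "approver": {"attributes": {"Department": "Finance", "Title": "Account payable agent"},
                 "roles": ["Invoice approval"]},
    "no_title": {"attributes": {"Department": "Finance"}, "roles": []},
}

if __name__ == "__main__":
    for name, user in USERS.items():
        access, reason = evaluate(ACCOUNT_PAYABLE, user)
        print(f"{name}: {reason} -> {list(access)}")
```

Returning the reason alongside the entitlements gives an audit trail for why a grant was or was not made.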