Managing resources

Resources are responsible for many fields in OpenIAM. In this section, Resources are to be considered as one of the entitlement a user has, inline with Roles and Groups.

In this light, next types of Resources are of interest to a user:

  • Managed System
  • Manual Managed System
  • Authentication Provider

It is important to note that these types of Resources, unlike Groups and Roles, are never created via Access Control -> Resources and Create New Resource option. They are automatically created by OpenIAM when creating a respective object - Authentication provider, Managed System or Manual Managed System.

Theoretically, one can tie a user and a resource explicitly via adding a particular resource to a particular user directly in User Entitlements section. However, it is a bad practice since OpenIAM uses RBAC model for user entitlements and explicit entitlement is not recommended when following the model.

User Entitlements -> Resources section can be used for seeing what resource the user is entitled to.

Here, there are two fields in the Resource Editing template that might be of interest to a user - Resource owner and/or Resource Admin as shown below.

Resource Editing

Resource owner is a user or group of people who own this resource and Resource admin is a User or group of people who administer this resource. These values are used in request / approval workflow from SelfService (see Requests Tutorial for details on requests/approval via SelfService).

For a user to be able to request access to this or another Resource from SelfService, it is required to set approver association to configure a correspondent workflow.