The bottom tier in the EmpowerID RBAC model comprises technical roles, known as Access Levels. Access Levels are the system or application-specific roles used to connect the policies in EmpowerID to the actual permissions those policies grant to resources contained within external systems or applications. The most common Access Level is “Member,” which is used to give a person or an EmpowerID role membership in external system groups or application roles. A more advanced example of an Access Level would be the Mailbox Publishing Editor Access Level, which would grant permissions to a mailbox delivered as ACLs within Office 365. Access Levels can grant these “Rights” within external systems and “push” them out via the provisioning engine.

...

Access Levels are convenient bundles of Rights and Operations specific to a type of resource and are used for delegation. Rights are permissions used in an external system that EmpowerID can manage. Operations are code-based actions protected by EmpowerID (usually in workflows).

...

Operations are “protected bits of code” that are executed to perform these tasks in EmpowerID workflows or via its API. Operations can also be arbitrary, not performing any action but just serving as a placeholder for applications to query and determine access.

Rights represent actual permissions used in an external system that can be granted in EmpowerID via Access Level assignments. The EmpowerID enforcement engine will “push” these permissions out into the external system on schedule for any user to whom they have been granted. Examples of rights include NTFS permissions for shared folders and mailbox ACLs in Microsoft Exchange.

...

Info

Related Docs Topics:

Access Levels
