Policy-based access control(PBAC) is a method for controlling user access to complex systems in which users' business roles are combined with certain well-defined policies to decide what access capabilities each role should have. These policies are called PBAC Membership policiesmembership policies. Policy-based access control considers roles as well as attributes when determining access privileges.
PBAC Membership policies are policies you create to specify the conditions under which an EmpowerID actor, such as a person or a Business Role and Location can be added to or potentially added to Management Roles, groups, Business Roles and Locations, or Query-Based Collections. PBAC Membership policies are comprised of Attribute-Based membership policies, which contain rules defining the field types, field type values, and rights needed by users for the system to add them to the target of the policy. In this article, we discuss the components of PBAC Membership policies and how to create and use them.
...