In EmpowerID, PBAC membership policies are policies we create to specify the conditions under which an EmpowerID actor, such as a person or a business role and location, can be added, or potentially added, to management roles, groups, business roles and locations, or query-based collections. PBAC membership policies comprise attribute-based membership policies, which contain rules defining the field types, field type values, and rights needed by users for the system to add them to the target of the policy.

...

EmpowerID’s PBAC membership policies are a particular type of policy that connects the world of attribute-based, real-time dynamic access to the traditional model of granting permissions within applications and systems. For example, PBAC membership policies allow the flexible attribute and role-based assignment model to determine who should be a member of which groups or roles in EmpowerID.

The primary building blocks of a PBAC membership policy are depicted in the overview diagram below.

...

  1. Create a PBAC Attribute Type - A PBAC field type, or attribute, is a connector used to connect an EmpowerID actor (e.g., a person) to a PBAC membership policy target (e.g., a group).

  2. Add a Value to the PBAC Attribute Type - A PBAC field type, or attribute, has values that are compared to determine the membership of an actor (e.g., a person) in a target (e.g., a group).

  3. Add the PBAC Attribute Type to an Actor - The PBAC field type, or attribute, should be added to an EmpowerID actor (e.g., a person).

  4. Create a PBAC Membership Policy - A PBAC membership policy must be created so that we can use it for a target type (e.g., a group).

  5. Add the PBAC Attribute Type to the PBAC Membership Policy - The PBAC field type, or attribute, should be added to a PBAC membership policy.

  6. Verify the Result - After the PBAC membership policy is compiled, we can verify the result. For example, after the PBAC membership policy is compiled, it will add the actor (e.g., a person) to a target (e.g., a group).

PBAC Membership Policy Types

...