Users of Identity and Access Management (IAM) generally belong to at least one IAM group or roles in order to follow IAM security best practises. A collection of IAM users is referred to as an IAM user group.
Membership: EmpowerID allows dynamic assignment of users to a group’s membership or role using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections and other groups or roles.
For Example, we can create a dynamic group membership for anyone assigned to a specific Business Role and Location. Thus, any person who belongs to that Business Role and Location is automatically added to the group or role as a member.
Permissions: permissions are nothing but rights to do certain things in the system. User groups or roles allow you to specify permissions for many users, making it easier to manage those users permissions.
Membership and permissions are configured for birthright access by EmpowerID using four simple steps as depicted in the image below:
Grant Who: which users to grant the access.
Type of access: which type of access to be granted.
Where: which resources or location the user will get access to.
How long : for how long the access will be granted.
Key Takeaways:
EmpowerID allows dynamic assignment of users to a group’s membership using role-based delegations.
Permissions are nothing but rights to do certain things in the system.
Membership and permissions can be configured for birthright access by EmpowerID.