
Glossary of Terms

Authorization Object - A group that represents a specific access assignment in an application or directory system. The group can either be a security group in Active Directory or a generic group in EmpowerID that represents a group or role in a target application.

Authorization Package/Business Function - Management Roles are used to represent Authorization Packages AKA Business Functions in EmpowerID. An Authorization Package is a business-designed bundle of access required to complete a Business Function or for participation in a team or working group. Authorization packages bundle access across multiple systems and present a single non-technical assignable unit of access. The Management Role allows this flexibility and enables the business owners to create friendly non-technical descriptions and manage the governance cycle of these packages.

Core Identity - Single entity per human or IoT. A core identity can be the owner of multiple person objects.

Person - A Person is an object in EmpowerID that represents a human being. A Person typically owns multiple user accounts in “external” systems such as Active Directory, Azure AD, Facebook, SAP, etc.

Personas - A person’s core identity can be linked to multiple sub-person objects which are the professional identities — i.e. have the business information attached.

Accounts - Accounts are users that are inventoried from external systems and may or may not have a single person assigned as the owner. Accounts such as service identities can be managed but do not always require a person object for management. Often a person object will be created anyway to leverage the ease of assigning RBAC policies for group membership and other access. Accounts in Social Media systems or web applications are linked to a person to facilitate single sign-on between systems.

OrgRole - “Business Role” always assigned in conjunction with an Organizational Location. EmpowerID Business Roles are displayed in a tree and assigned in conjunction with a Location.

OrgZone - “Organizational Location” / Business Context always assigned in conjunction with a Business Role. For resources that aren’t person objects, Locations are used to organize them into hierarchies for management of inherited access policies.

Polyarchical RBAC - Business Roles and Locations are both hierarchical trees. People are assigned to one or more Business Roles each for a specific Location/Context. This polyarchy dramatically reduces the number of roles and eliminates role bloat.

Company - People belong to companies via their Business Role and Location assignments.

EmpowerID RBAC Actor Types - Objects representing collections of people to which policies can be assigned. These include: Person, Group, Management Role Definition, Management Role, Query-Based Collection, Business Role and Location.

Management Role - Management Roles are user-defined containers holding collections of Access Levels that have been packaged together into responsibility or job-based bundles to allow for the quick and easy bulk assignment of access to resources from across multiple systems. They are like groups in EmpowerID that are not limited to granting access to only the resources in a single system. Management Roles have a single level hierarchy, inheriting access from their Management Role Definition.