You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Authorization

Managing access for a large organization can be a challenging task, especially when it comes to ensuring compliance with security policies. Different types of applications and use cases require different approaches to authorization policies, with some requiring a more structured role-based approach while others necessitate real-time contextual decisions. To address this complexity, organizations often adopt one of three access control models: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), or Policy-Based Access Control (PBAC). Each of these methods has its own strengths and limitations, and no single approach can cover all aspects of access control. To offer a comprehensive solution, EmpowerID employs a hybrid access control model that combines the structure and policy definition of RBAC with the flexibility and contextual nature of ABAC and PBAC.


The hybrid approach adopted by EmpowerID allows organizations to focus on protecting their resources and the actions that can be performed on them. EmpowerID Operations are blocks of protected code that execute specific actions on resource objects. To perform a resource action, a user must hold the operation that allows it. To simplify access control, EmpowerID groups operations into Access Levels, which are then combined into Management Roles. Management Roles are collections of operational capabilities packaged as job-based bundles, allowing for quick and easy assignment of resources to users based on their job functions. These assignments can be further customized based on user attributes such as time of day, IP addresses, and devices used. By combining the strengths of RBAC, ABAC, and PBAC, EmpowerID offers a flexible and comprehensive solution for managing access control.

Getting Started

Key Concepts

Access Levels

Management Roles

Business Roles and Locations

Query Based Collections

Visibility

PBAC Membership Policy Overview

PBAC Membership Policies