You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Authorization
Managing access within a large organization poses significant challenges, particularly in ensuring compliance with security policies. Different applications and use cases often require varying approaches to authorization policies. Some situations call for a structured role-based approach, while others demand real-time contextual decisions. To address this complexity, organizations commonly adopt one of three access control models: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), or Policy-Based Access Control (PBAC). Each model has its own advantages and limitations, and none can comprehensively cover all aspects of access control. EmpowerID takes a unique approach by implementing a hybrid access control model, combining the structure and policy definition of RBAC with the flexibility and contextual nature of ABAC and PBAC.
EmpowerID's hybrid approach empowers organizations to concentrate on safeguarding their resources and the associated actions. EmpowerID Operations, which are discrete units of protected code responsible for executing specific actions on resource objects, enable users to carry out these actions. However, users must possess the appropriate operations to execute these actions. Simplifying access control, EmpowerID groups operations into Access Levels, which are then aggregated into Management Roles. Management Roles represent bundles of operational capabilities aligned with job roles, facilitating swift and tailored resource assignments to users based on their job functions. Furthermore, these assignments can be further refined based on user attributes such as time of day, IP addresses, and devices utilized. By amalgamating the strengths of RBAC, ABAC, and PBAC, EmpowerID provides a versatile and all-encompassing solution for access control management.