You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Overview of PBAC Membership Policies

Policy-Based Access Control (PBAC) Membership Policies in EmpowerID define the criteria under which actors (such as individuals or members of roles and groups) are granted access to specific Management Roles, groups, and collections. They bridge dynamic, attribute-based access control and the traditional permission-granting models used within applications and systems.

Key Aspects of PBAC Membership Policies

Definition and Purpose

PBAC Membership Policies are created within EmpowerID to specify the conditions for adding EmpowerID actors to entities such as Management Roles, groups, Business Roles and Locations, or Query-Based Collections. Membership is based on predefined attributes and roles, which keeps access control flexible and dynamic.

Composition

These policies consist of attribute-based membership rules, which are sets of conditions defined by:

  • Field Types: The specific categories of data or attributes relevant to the policy.

  • Field Type Values: The actual values within those categories that are considered for policy enforcement.

  • User Rights: The necessary permissions or rights a user must have to be included under the policy.

Functionality

When EmpowerID's PBAC engine compiles these policies, it actively scans for actors that match the policy's criteria. Upon finding a match, the system automatically adds these actors to the designated target of the policy, such as a specific group or role.
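The compile step described above, as an added conceptual model in Python. It is not EmpowerID's engine or API. The class and function names, the sample actors, the rule that every condition must match, and the `max_new` review threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:                 # one attribute-based membership condition
    field_type: str         # attribute category, e.g. "Department"
    field_value: str        # value the actor's attribute must equal
    user_right: str         # right the actor must already hold

@dataclass
class Actor:
    name: str
    attributes: dict
    rights: set = field(default_factory=set)

@dataclass
class Policy:
    target: str             # group, Management Role or collection to populate
    rules: list             # assumption: ALL rules must match

def matches(policy, actor):
    # A policy with no rules must not match everyone by accident.
    if not policy.rules:
        return False
    return all(
        actor.attributes.get(r.field_type) == r.field_value
        and r.user_right in actor.rights
        for r in policy.rules
    )

def compile_policy(policy, actors, current_members):
    """Dry run: return (to_add, already_members) without changing anything."""
    matched = {a.name for a in actors if matches(policy, a)}
    return sorted(matched - current_members), sorted(matched & current_members)

def apply_policy(policy, actors, memberships, max_new=None):
    """Add matching actors to the target; refuse if the change is unexpectedly large."""
    current = memberships.setdefault(policy.target, set())
    to_add, _ = compile_policy(policy, actors, current)
    if max_new is not None and len(to_add) > max_new:
        raise ValueError(f"{len(to_add)} new members exceeds review limit {max_new}")
    current.update(to_add)
    return to_add

# Constructed sample data
SAMPLE_ACTORS = [
    Actor("alice", {"Department": "Finance"}, {"Viewer"}),
    Actor("bob", {"Department": "Finance"}),          # attribute matches, right missing
    Actor("carol", {"Department": "IT"}, {"Viewer"}),  # right present, attribute differs
]
SAMPLE_POLICY = Policy("Finance-Reports", [Rule("Department", "Finance", "Viewer")])
```

Running the dry run before applying a policy shows which actors a rule change would add, which is where an over-broad condition is cheapest to catch.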
