
Role Basics


Role-Based Access Control (RBAC) is a framework designed to allow organizations to more efficiently manage permissions across applications and other protected IT resources.

The EmpowerID RBAC model reflects the Resource-Based Access Control paradigm: the platform is resource-centric, not role-centric. This allows organizations to focus on what they are protecting.

EmpowerID has a three-tiered RBAC model.

Business Role: A Business Role is a user-defined hierarchical container for grouping people. For more details, please click here.

Management Role: Management roles are also known as functional roles. For more details, please click here.

Technical Role: Technical roles are also known as resource roles or access level assignments. They are used to authorize operations performed in EmpowerID or to grant native permissions that are pushed to external systems.

The three central identities in the EmpowerID role management system are:

Core Identity: A core identity is a top-level identity that represents a human being. One core identity can be linked to multiple person identities (or personas) that may have separate access. All of these personas belong to the same person (core identity).

Person: A Person object (persona) is a separate identity in EmpowerID through which RBAC assignments are made to connected system accounts, managed resource objects, and delegated operations.

Account: Accounts are technology-based identities associated with external systems such as Active Directory, LDAP, HR, CRM, or cloud-based applications.

Key Objects of the EmpowerID RBAC Model

Business Roles and Locations

Management Roles

T-RBAC

Query-Based Collections

Groups
