Central administration of rights

Who can what? Everything at a glance!

If an identity management system also takes over the task of managing rights, it is called "Identity and Access Management", in short IAM. We will continue to speak of an identity management system in the following but for the sake of simplicity. Many advantages of an identity management system are only to be carried out when access rights are managed in the same system. Access management is a prerequisite for the technical forcing of security rules – see Compliance . In addition, the creation of a company-wide overview and control is important.
Access rights in the same system
Simple roll allocation
Overview
Central control

Difference in roles and rights

Role Based Access Control (RBAC)e

The "Role Based Access Control" method is a design pattern for managing access rights. You don't assign specific rights ("read data set XY") directly to individual users, but to a role ("processor for Z"). Users are then assigned certain roles based on their functions in the company. The access rights are derived from the roles. In identity management system, only roles are usually assigned. Mapping on specific rights usually takes place in the applications. User roles can be assigned globally or at application level in the identity management system.

Application admins can manage rights themselves

The award of the reels does not necessarily have to perform a central IDM admin. Depending on the organizational structure, it may also be useful to assign roles of application admins.

Example view from Keycloak (Open Source IAM from Red Hat)

Contact us
We are happy to help
Frank Tripp Specialist in IAM
[email protected] +49 5251 5449490
Frank Tripp
free, online >
Make an appointment

We use cookies

We use cookies to provide you with the best possible experience on our website. Analysis tools help us to identify and improve the most popular content. We also want to find out how well our advertisements work. Details can be found in the Data Protection section. Please select which cookies you want to accept: