Access Control is the new resource of user access management in the Digibee Platform that allows the realm's admin to define access permissions within a realm.
The updates now allow the grouping and reusing of similar profiles, concerning a better access management experience of the realm. The new Access Control allows a more efficient, agile, and useful management of users and their permissions.
Concepts related to the new Access Control
Now the Access Control has 3 steps to manage user access: users, roles, and groups. A user must be assigned to a group that has one or more associated roles to have access to the Platform's resources.
Users: Represents people who have access to the Platform and contains their personal data, such as name, last name, email address, and timezone.
Roles: Represents a set of permissions, usually corresponding to activities that one or more users perform on the Platform. Each role contains the permissions for the Platform's resources.
Groups: Groups associate a set of users with one or more roles. Users will only have access to Platform resources if they are assigned to one or more groups.
How does it work?
The image below shows the main components of Digibee HIP's new access control:
A group is an association between a set of users and bindings. A binding is an association between a role (and its respective permissions) and an environment (it can be test, production, or both).
In order to give permission to a new user, the administrator of the realm must create roles with their respective permissions, then create users (which will have no access by default), and finally create groups, which will associate users with their roles and environments.
There is also the option to use predefined System Roles and Default Groups. To learn more about this topic, read the article System Roles and Default Groups.
How to get started?
To learn more about how to implement the new access control, follow the step by step below:
First, the administrator of the realm must define which roles will be used within the realm. To learn more about creating roles, read the article Access Control Roles.
To facilitate the definition of access control roles, the Platform provides a set of (predefined) system roles that can be duplicated to assist the creation of new roles. To learn more about System Roles, read the article System Roles and Default Groups.
The realm administrator must also create the users within the Platform. Click here to understand more on Basic Concepts about Users.
Finally, after having defined the roles and users, the administrator of the realm must create the groups that associate a user to one or more roles and their respective environment. To learn more about groups, read the article Access Control Groups.
After creating Groups, Users and Roles, go to the Users interface to verify if all users are able to transition to the new Access Control Model. Users who haven't had their access replicated to the new model will be listed with an attention icon. To learn more, read the New Access Control Transition article.