New Access Control model

The new permission management feature of Digibee HIP

Written by Júlio César
Updated over a week ago

IMPORTANT: This documentation has been discontinued. Read the updated New Access Control documentation on our new documentation portal.

Overview

Access Control is the new feature of user access management in the Digibee Platform that allows the realm's Access Manager to define access permissions.

The update allows similar profiles to be grouped and reused, which improves access management within the realm. The new Access Control makes managing users and their permissions more efficient and agile.

Concepts related to the new Access Control

Access Control now uses 3 concepts to manage user access: users, roles, and groups. A user must be assigned to a group with one or more associated roles to access the Platform's resources.

Users: Represent people who have access to the Platform and contain their personal data, such as name, last name, email address, and timezone.

Roles: Represents a set of permissions, usually corresponding to activities that one or more users perform on the Platform. Each role contains the permissions for the Platform's resources.

Groups: Groups associate a set of users with one or more roles. Users will only have access to Platform resources if they are assigned to one or more groups.

How does it work?

The image below shows the main components of Digibee Platform's new access control:

A group is an association between a set of users and bindings. A binding is an association between a role (and its respective permissions) and an environment (it can be test, production, or both).

In order to give permission to a new user, the Access Manager must create roles with their respective permissions, then create users (which will have no access by default), and finally create groups, which will associate users with their roles and environments.

There is also the option to use predefined System Roles and Default Groups. To learn more about this topic, read the article System Roles and Default Groups.

Note: The Access Manager is a user listed in the 'access-managers' Group, which grants permission to manage Users, Groups, and Roles.
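
The group, binding and role relationship described above, modelled as an added example (this is not Digibee's code or API). It assumes a user's permissions in an environment are the union of every binding covering that environment across the user's groups; the role names, permission strings and users are constructed.

```python
from dataclasses import dataclass, field

ENVIRONMENTS = ("test", "production")

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # constructed permission strings, not Digibee's own names

@dataclass(frozen=True)
class Binding:
    role: Role
    environments: frozenset  # test, production, or both

@dataclass
class Group:
    name: str
    users: set = field(default_factory=set)
    bindings: list = field(default_factory=list)

def effective_permissions(user, groups, environment):
    """Union of permissions from every binding that covers the environment,
    across every group containing the user. No group means no access."""
    if environment not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {environment!r}")
    granted = set()
    for group in groups:
        if user not in group.users:
            continue
        for binding in group.bindings:
            if environment in binding.environments:
                granted |= binding.role.permissions
    return granted

def users_without_access(all_users, groups):
    """Users who hold no permission in any environment (created but unassigned)."""
    return sorted(u for u in all_users
                  if not any(effective_permissions(u, groups, e) for e in ENVIRONMENTS))

# Constructed sample realm
builder = Role("pipeline-builder", frozenset({"pipeline:read", "pipeline:edit"}))
deployer = Role("deployer", frozenset({"pipeline:read", "pipeline:deploy"}))
GROUPS = [
    Group("dev-team", {"ana", "bruno"}, [Binding(builder, frozenset({"test"}))]),
    Group("release", {"bruno"}, [Binding(deployer, frozenset({"test", "production"}))]),
]
USERS = {"ana", "bruno", "carla"}  # carla exists but belongs to no group
```

Running `users_without_access` before go-live is a quick way to spot accounts that were created but never placed in a group, and comparing `effective_permissions` for `test` and `production` shows which roles actually reach production.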

How to get started?

To learn how to implement the new access control, follow the steps below:

  1. First, the Access Manager of the realm must define which roles will be used within the realm. To learn more about creating roles, read the article Access Control Roles.

    1. To facilitate the definition of access control roles, the Platform provides a set of (predefined) system roles that can be duplicated to assist in the creation of new roles. To learn more about System Roles, read the article System Roles and Default Groups.

  2. The Access Manager must also create the users within the Platform. To learn more, read the article Basic Concepts about Users.

  3. Finally, after defining the roles and users, the Access Manager of the realm must create the groups that associate a user with one or more roles and their respective environments. To learn more about groups, read the article Access Control Groups.

  4. After creating Groups, Users and Roles, go to the Users interface to verify if all users are able to transition to the new Access Control Model. Users who haven't had their access replicated to the new model will be listed with an attention icon. To learn more, read the New Access Control Transition article.
