Reference document

Access Policies Management Application

The Access Policies Management Application allows user to define policies that specify how information about resources, users and devices (their entitlements and privilege attributes), and the environmental context should be combined in order to determine when to grant or deny access to physical or logical resource. Policies can combine information about the resource, the user and the context to make an access decision using several different ways (called access control modes). The most common access control modes include Access Control List (ACLs), Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), etc. The decision which model (what type of policies) to use usually depends on required granularity of access control, required ease of administration, overall organization policies, etc. In many cases hybrid approach may be utilized RBAC often provides a sufficient level of granularity to define access policies for internal resources; however, an application that has an extensive remote user population may require additional access mechanisms capable of handling ABAC contextual information.

Access Management Applications