A role policy is essentially a collection of permissions that are granted to users and/or groups who are assigned to the role. It also defines how, when, and under what constraints the role is assigned.
Granting a role to a user or a group confers the defined access privileges as long as the user or group is assigned to the role. Roles are computed and granted to users or groups dynamically at runtime.
Roles can be managed in hierarchies so a user assigned to a parent role also inherits any child roles (so long as this is not prohibited by other policies).
This section walks you through the steps of defining a role policy that assigns the HealthProviders role to the Doctors group for the purpose of granting view access to the Admissions System’s patient roster. All users in the Doctors group will have view access to the roster.
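The following added example is an illustrative Python model, not the product's policy language or API. It shows how a role granted to a group is resolved at request time, how child roles are inherited, and how another policy can prohibit one. `Doctors` and `HealthProviders` come from this tutorial; the users, the `ChartReaders` child role, the resource paths, and the denial rule are assumptions.

```python
# Illustrative model only: not the product's policy language or API.
# Doctors and HealthProviders come from the tutorial; every other name is hypothetical.
ROSTER = ("view", "AdmissionsSystem/PatientRoster")  # hypothetical resource path

GROUP_MEMBERS = {"Doctors": {"alice", "bob"}, "Nurses": {"carol"}}  # constructed users
ROLE_GRANTS = [("HealthProviders", "Doctors")]          # role policy: role -> group
ROLE_CHILDREN = {"HealthProviders": ["ChartReaders"]}   # parent role -> child roles
ROLE_DENIALS = {("ChartReaders", "bob")}                # policies prohibiting a role
ROLE_PRIVILEGES = {
    "HealthProviders": {ROSTER},
    "ChartReaders": {("view", "AdmissionsSystem/Charts")},
}


def roles_of(user):
    """Resolve roles at request time from current group membership."""
    groups = {g for g, members in GROUP_MEMBERS.items() if user in members}
    pending = [role for role, group in ROLE_GRANTS if group in groups]
    granted = set()
    while pending:
        role = pending.pop()
        if role in granted or (role, user) in ROLE_DENIALS:
            continue  # skip repeats (cycle-safe) and roles prohibited for this user
        granted.add(role)
        pending.extend(ROLE_CHILDREN.get(role, []))  # inherit child roles
    return granted


def is_allowed(user, action, resource):
    """A request is allowed if any currently held role carries the privilege."""
    return any((action, resource) in ROLE_PRIVILEGES.get(r, set())
               for r in roles_of(user))


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(roles_of(user)), is_allowed(user, *ROSTER))
    GROUP_MEMBERS["Doctors"].discard("alice")  # membership change, no re-grant step
    print("alice after removal:", is_allowed("alice", *ROSTER))
```

Because roles are derived from group membership on every check, removing a user from `Doctors` revokes roster access without touching the role policy itself.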
If autosave is not enabled, save your work as follows:
Note: In an actual deployment, you could select the Yes, save changes and distribute option to both save the role policy and distribute it to the SSM for immediate enforcement in the secured application.
This tutorial showed how to assign a role to a group with the result that all users in the group receive the role.
The next tutorial shows how to build and generate policy reports.