Defining User Access to Resources

Users in your extended enterprise can be anyone with a relationship to your company, including employees, customers, partners, suppliers, or acquisitions. In the Waveset system, users are represented by user accounts.

Depending on their relationships with your business and other entities, users need access to different things, such as computer systems, data stored in databases, or specific computer applications. In Waveset terms, these things are resources.

Because users often have one or more identities on each of the resources they access, Waveset creates a single, virtual identity that maps to disparate resources. This allows you to manage users as a single entity. See Figure 1–1.

Figure 1–1 Waveset User Account Resource Relationship

To effectively manage large numbers of users, you need logical ways to group them. In most companies, users are grouped into functional departments or geographical divisions. Each of these departments typically requires access to different resources. In Waveset terms, this type of group is called an organization.

Another way to group users is by similar characteristics, such as company relationships or job functions. Waveset recognizes these groupings as roles.

Within the Waveset system, you assign roles to user accounts to facilitate efficient enabling and disabling of access to resources. Assigning accounts to organizations enables efficient delegation of administrative responsibilities.

Waveset users are also directly or indirectly managed through the application of policies, which set up rules and password and user authentication options.