Fine-Grained User Authorization
With fine-grained user authorization,Just-In-Time Provisioning creates users with multiple authorization levels, according to their Identity Domain's Group membership and based on utility application configuration:
-
Security and Access Administrator
-
Users with an administrative role in the identity domain are provisioned using a Security Administrator Template User. The user gains the access to all transactions and services related to application security and user authorization setup
-
-
Business/Administrative Users with access to a specific business and/or administrative functions in the application
-
Users that are members of a Group in the identity domain are provisioned using a Template User mapped to this Group. The user gains access to the application according to the Template User’s setup.
-
-
Authenticated User
-
Users with no administrative role(s) in identity domain and no membership in any of the identity domain's Groups are provisioned using the Minimum Access Template User. The user gains access to My Preferences page only. The security and access administrator completes the authorization and access setup manually.
-
The mapping between identity domain's Groups and Template Users is stored in theIdentity and Access Management Integration Configuration.