Access control
18.13.1. Role-based access control

The Adminapp supports configurable, fine-grained authorization based on a set of administrative actions

  • Example actions that can be distinguished in authorization:
  • viewUser
  • lockUser
  • viewLog
  • ...

The complete list of actions can be found in plugin Role-based Access Control in the Adminapp.

How the Adminapp decides whether an authenticated administrator is entitled to perform an action or not depends on the configured Access Controller. Usually, it is the Role-based Access Controller plugin that assigns required roles to each action. 

If more than one role is specified, at least one of the roles is required to perform an action.

Example:

The following configuration excerpt (part of Role-Based Access Controller) shows that some user actions can be done by administrators with the helpdesk role and some are only available to administrators with the useradmin role.

63972150.png

Note that the set of administrator roles is not limited by Airlock IAM but can be chosen arbitrarily (see demo configuration for an example).