Role-based access control

The Adminapp supports configurable, fine-grained authorization based on administrative actions. 

• Example actions that can be distinguished in authorization:
• viewUser
• lockUser
• viewLog
• ...

The complete list of actions can be found in the Config Editor under:
Adminapp >> Role-based Access Control

How the Adminapp decides whether an authenticated administrator is entitled to perform an action depends on the configured Access Controller. Usually, the Role-based Access Controller​ plugin assigns required roles to each action. 

If more than one role is specified, at least one of the roles is required to perform an action.

The following configuration excerpt (part of Role-Based Access Controller) shows that administrators can do some user actions with the helpdesk role and some are only available to administrators with the useradmin role.

Note that the set of administrator roles is not limited by Airlock IAM but can be chosen arbitrarily (see demo configuration for an example).