Access Control

The Adminapp supports configurable, fine-grained authorization based on administrative actions that can be set in the Config Editor under:
Adminapp >> Access Control

  • Example actions that can be distinguished in authorization:
  • viewUser
  • lockUser
  • viewLog
  • ...

If more than one role is specified, at least one of the roles is required to perform an action.

How the Adminapp decides whether an authenticated administrator is entitled to perform an action depends on the configured Access Controller. Usually, the Access Controller​ plugin assigns required roles to each action. 

Roles can be managed and added under Adminapp >> Administrators Management. Airlock IAM offers segregated duty and admin-user management for fine-granular access for the individual user and the user group to which the admin-user is assigned.

It is also possible to translate the configured role names into languages not covered by the Adminapp UI by default. For information about how to add translations, see Customizing text elements in the Adminapp UI.


The following configuration excerpt (part of Role-based Access Control) shows that administrators can do some user actions with the helpdesk role and some are only available to administrators with the useradmin role.


Note that Airlock IAM does not limit the set of administrator roles but can be chosen arbitrarily (see demo configuration for an example).