- 03 May 2023
- 1 Minute to read
Controlling Application Access
- Updated on 03 May 2023
- 1 Minute to read
How to Control User Accesses to Applications
RapidIdentity provides general Role Based Access Control (RBAC) as well as fine-grained Attribute Based Access Control (ABAC) to Application definitions to ensure that users can only see and access the Applications they're authorized for.
These controls also provide a dynamic and automated mechanism for assigning and removing application accesses based on changes to the user's profile such as a promotion from one job or grade to another.
To use RBAC and ABAC on an Application, as a RapidIdentity Administrator, follow these simple steps:
Navigate to the Catalog section in the Applications Module
Select Add Application if you are creating a new Application from scratch. Otherwise, find the Application you wish to modify, click the elispis to open the menu dialog and select Details
Click the Edit button at the bottom of the right modal window to make your modifications
To add or modify the Role or Attribute Based Acess Controls, click the Show Advanced Options button
Enable either RBAC or ABAC by choosing the appropriate selection from the Access Control drop-down menu
For this example we're choosing Attribute-based access control
Enter the Attribute Filter Criteria in the dialog box provided or, select the LDAP Builder and let the filter wizard guide you
For this example we're chossing the Grade Level attribute, idautoPersonGradeLevel, equal to PreK, K, 01 or 02
Click Save to save your changes and you're done
With this example, the Application we've modified, ABCmouse, a children’s learning tool that focuses on providing educational and age-appropriate material for children ages 2 through 8, will only be seen and can only be accessed by users in grades PreK through 2nd. When those users advance beyond second grade however, ABCmouse will no longer be visable or accessible to them.