Controlling Application Access

How to Control User Accesses to Applications

RapidIdentity provides general Role Based Access Control (RBAC) as well as fine-grained Attribute Based Access Control (ABAC) to Application definitions to ensure that users can only see and access the Applications they're authorized for.

These controls also provide a dynamic and automated mechanism for assigning and removing application accesses based on changes to the user's profile such as a promotion from one job or grade to another.

To use RBAC and ABAC on an Application, as a RapidIdentity Administrator, follow these simple steps:

1. Navigate to the Catalog section in the Applications Module
   

2. Select Add Application if you are creating a new Application from scratch. Otherwise, find the Application you wish to modify, click the elispis to open the menu dialog and select Details
   

3. Click the Edit button at the bottom of the right modal window to make your modifications
   

4. To add or modify the Role or Attribute Based Acess Controls, click the Show Advanced Options button
   

5. Enable either RBAC or ABAC by choosing the appropriate selection from the Access Control drop-down menu
   

   For this example we're choosing Attribute-based access control

6. Enter the Attribute Filter Criteria in the dialog box provided or, select the LDAP Builder and let the filter wizard guide you
   

   For this example we're chossing the Grade Level attribute, idautoPersonGradeLevel, equal to PreK, K, 01 or 02

7. Click Save to save your changes and you're done

With this example, the Application we've modified, ABCmouse, a children’s learning tool that focuses on providing educational and age-appropriate material for children ages 2 through 8, will only be seen and can only be accessed by users in grades PreK through 2nd. When those users advance beyond second grade however, ABCmouse will no longer be visable or accessible to them.