Access

Access is your ability to use a specific resource, such as a shared folder or an application.

In IBM Security Identity Manager, access can be created to represent access to access types. Such access types might be shared folders, applications (such as WebSphere Application Server), email groups, or other managed resources.

An access differs from an account in that an account is a form of access; an account is access to the resource itself.

Access is the permission to use the resource. The access entitlement defines the condition that grants access to a user with a set of attribute values of a user account on the managed resource. In IBM Security Identity Manager, an access is defined on an existing group on the managed service. In this case, the access is granted to a user by creating an account on the service and assigning the user to the group. Access entitlement can also be defined as a set of parameters on a service account that uses a provisioning policy.

When a user requests new access, by default an account is created on that service. If an account exists, the account is modified to fulfill the access entitlement. For example, the account is assigned to the group that grants access to an access type. If one account exists, the account is associated with the access. If multiple accounts exist, you must select the user ID of the account to which to associate your access.

An access is often described in terms that can be easily understood by business users.

Parent topic: People overview