|
|
Elements of an access control policyAn access control policy consists of four elements:
|
 ibm.com/redbooks |
Elements of an access control policy
An access control policy consists of four elements:
Access group The group of users to which the policy applies.
Action group A group of actions performed by the user on resources.
Resource group The resources controlled by the policy. A resource group may include business objects such as contract or order, or a set of related commands such as all of the commands that users of a particular role can perform.
Relationship (Optional) Each resource class can have a set of relationships associated with it. Each resource can have a set of users that fulfill each relationship. For example, a policy could specify that only the creator of an order can modify it. In this case, the relationship would be creator, and it is between the user and the order resource.
ibm.com/redbooks