| Include Page | ||||
|---|---|---|---|---|
|
Access Management Features Overview
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
In addition the Grouper Training for Managers video series provides an overview of both access management at large, as well as Grouper's core concepts and features. See the TIER Grouper Deployment Guide, Section 6, for information on Access Control models. |
Grouper provides features to manage access to resources and services. Below are general guidelines on when to use each approach.
How do I set up the privileges determining what a subject can do with a group, such as Admin, Update, Read and View?
These privileges are specified when you define folders, groups and members. See the Grouper training video on How to Design Groups.
...
When do I use permission limits?
Permission limits are run time constraints on permissions. The permission that has a limit can be assigned to a role or to a subject in the context of a role. The limit can only be assigned to a direct permission assignment, not an inherited one. Generally you will use a limit when there is some information about the context of the user at the time that the permissions query is happening that limits the outcome. For example, if the user can only access the payroll system during business hours, then the time of day is the context. If the user can approve below $2000, then the amount of approval is the context. There are built in limits, or you can implement custom ones. These are implemented as a special type of attribute on the permission assignment, and some Java logic.
...