\n
As named, Identity and Access Management (IAM) allows to manage inside an organization identities that need to access resources.<\/strong>\u00a0In the past, authorizations were given with more or less control, with more or less known processes and with more or less painful rights omissions (to add or to remove).\u00a0To control and simplify authorizations management, it is necessary to define a role model which will allow to set publication rules, access conditions and most important, role removal at the right point!<\/strong><\/p>\n The role assigns to a user one or more rights about a resource.<\/strong>\u00a0It allows to define a first level of abstraction and automatism against a technical right and to control that two users with the same roles will have the same rights. But when we need to manage thousands of resources with different types, it becomes necessary to organize and design rights into a role model to manage them as one and allow anyone to request roles easily: the user in self-service, its manager, an application manager and more.<\/p>\n Thanks to role model, it now possible to offers normalized and simple interfaces to users<\/p><\/div>\n Memority\u2019s role model is highly dynamic\u00a0<\/strong>and allows to manage administration rights in Memority, applications accesses, equipment, business roles, contracts and more. In a word, we can represents anything as a resource assigned to a user. To do that, we use several concepts:<\/p>\n An administration role, the data model allows to define assignation rules, links between resources and rights<\/p><\/div>\n<\/div>\n Thanks to these 4 concepts, we can easily design several types of resources and roles to set a dedicated data model, with their own attributes.<\/strong><\/p>\n For example, we can set resource types \u201cApplication\u201d and \u201cEquipment\u201d, and role types \u201cApplication role\u201d, \u201cAdministration role\u201d, \u201cBusiness role\u201d and \u201cSupplies\u201d with their own publication and assignment rules (another article about publication and assignment is coming too \ud83d\ude09). These roles can be displayed separately according to their types, and managed by dedicated administrators.<\/p>\n![\"\"](\"https:\/\/memority.p2.pp-izhak.fr\/wp-content\/uploads\/2024\/01\/RoleModel1-Premiere-image-EN-1024x551-1.png\")
A very dynamic role model<\/strong><\/h3>\n
\n
![\"\"](\"https:\/\/memority.p2.pp-izhak.fr\/wp-content\/uploads\/2024\/01\/2-EN-1024x553-1.png\")
Different types of resources and roles<\/strong><\/h3>\n
![\"\"](\"https:\/\/memority.p2.pp-izhak.fr\/wp-content\/uploads\/2024\/01\/3-EN.png\")
<\/p>\n![\"\"](\"https:\/\/memority.p2.pp-izhak.fr\/wp-content\/uploads\/2024\/01\/EN-1024x555-1.png\")