Role Based Access Control and FIM

  • Question

  • Hi,

    Would these statements about RBAC and FIM (not BHOLD) be true:

    • RBAC in FIM Sync is essentially governed by the built-in FIM Groups (e.g. FIMSyncAdmins, etc)
    • RBAC in FIM Portal is essentially governed by FIM Portal Sets & MPRs

    Thanks,

    SK

    PS. not looking at BHOLD above, just FIM
    • Edited by Shim Kwan Tuesday, August 12, 2014 4:56 AM
    Tuesday, August 12, 2014 4:56 AM

All replies

  • Shim,

    Criteria-based groups also contribute to FIM's RBAC capabilities. Is there anything specifically you are looking for in the way of features?

    • Marked as answer by Shim Kwan Wednesday, August 13, 2014 8:51 PM
    Tuesday, August 12, 2014 5:23 AM
  • This can be true in a narrow sense, if we are just thinking of access to FIM and not of the managed organizational resources.

    FIM Synch:
    Through FIM Synch groups, we are just controlling the access to the FIM Synch service. We are not separating access based on roles (say, organizational role).

    For FIM Portal, again it can be true if we are thinking of access to FIM Portal only and not the managed organizational resources.

    Thanks,
    Mann

    • Marked as answer by Shim Kwan Wednesday, August 13, 2014 8:51 PM
    Tuesday, August 12, 2014 7:37 AM
  • Thanks, really just thinking to what extent one could deploy some form of an RBAC solution with just FIM.
    Tuesday, August 12, 2014 8:13 AM
  • If you want to implement your own RBAC solution (not just for FIM access), you have to use FIMService.

    Group objects can be used to have a "simple" implementation, but if you want to have a more complex implementation, you have to do a lot of work!

    Regards,


    Sylvain

    • Marked as answer by Shim Kwan Wednesday, August 13, 2014 8:51 PM
    Tuesday, August 12, 2014 12:35 PM
  • Thank you, that's what we thought. Cheers.
    Wednesday, August 13, 2014 8:51 PM