Role Manager roles are at the heart of OpenDash360™ application distribution and access. Roles identify a type or category of user.
Typical roles that may exist include:
Applications often assign access and permissions to specific roles rather than to individual users, because dealing with individual users can be too fine-grained and hard to manage.
There are three types of roles:
- Realm Roles
- Client Roles
- Composite Roles
First of all, what is a realm? A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.
A realm role is a role that is visible to all applications across the enterprise and can be used throughout the realm.
Clients are entities that can request SSO to authenticate a user. Most often, clients are applications and services that want to use SSO to secure themselves and provide a single sign-on solution. Clients can also be entities that want to request identity information or an access token so that they can securely invoke other services on the network that are secured by SSO. A client role is a role that is created inside a client. This gives you application-level security via the client role.
One last term you will need to understand is a composite role. A composite role is a role inside a role. You can create 5 realm roles for various purposes and then create one role and place each of the roles inside it. Assigning a user to that composite role effectively places them in all 5 roles at once. You can do the same with client roles. You can add several client roles to a realm role, so that a user assigned to the realm role is effectively added to all the client roles that are mapped to it.
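Because a composite role grants every role placed inside it, an access review has to look at effective roles, not only direct assignments. The sketch below is an added example, not OpenDash360™ code or its API: the role names, the `client:role` naming and the data layout are hypothetical, and it assumes composites may be nested more than one level deep, which goes beyond the single-level case described above.

```python
# Added example: role names and data layout are hypothetical, not OpenDash360's API.
from collections import deque

# Constructed sample data. Realm roles are plain names; client roles are
# written "client:role" so the two namespaces cannot collide.
COMPOSITES = {
    "operations": {"viewer", "report-editor", "dashboard-app:publish"},
    "report-editor": {"viewer", "reports-app:edit"},
    "dashboard-app:admin": {"dashboard-app:publish", "dashboard-app:delete"},
}

USER_ASSIGNMENTS = {
    "alice": {"operations"},
    "bob": {"viewer", "dashboard-app:admin"},
}


def effective_roles(assigned, composites):
    """Expand directly assigned roles into every role they contain.

    Breadth-first walk over the composite graph; the `seen` set makes
    the walk terminate even if composites reference each other.
    """
    seen = set(assigned)
    queue = deque(assigned)
    while queue:
        role = queue.popleft()
        for child in composites.get(role, ()):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def inherited_only(assigned, composites):
    """Roles a user holds only through a composite: the ones an access
    review misses when it looks at direct assignments alone."""
    return effective_roles(assigned, composites) - set(assigned)


if __name__ == "__main__":
    for user, roles in sorted(USER_ASSIGNMENTS.items()):
        print(user, "direct:", sorted(roles))
        print(user, "inherited:", sorted(inherited_only(roles, COMPOSITES)))
```

In the sample data, alice is assigned a single realm role but ends up holding client roles in two applications, which is the kind of reach a review of direct assignments would not show.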