<IDHub should automatically be added as an Application with pre-defined Roles and Entitlements>


The Permission Management functionality lets you configure the users and roles that can access IDHub, and the permissions that determine what each user is allowed to do in the system.

The default user store in IDHub is MongoDB. This database stores all information on users, roles and permissions. A default Admin user with a default Admin password is configured and associated with a default Admin role that has all permissions granted. After the IDHub installation is complete, you can log in to the IDHub Admin Console as the Admin user and get started.

IDHub Roles and Permissions

IDHub users are associated with one or more Roles that give them access privileges to the IDHub UI and its features.

Roles associated with IDHub are:

  • SystemAdmin
  • ResourceOwner
  • AccessManager
  • Everyone

Roles are assigned to users through the Admin Console by the Admin user (default) or the System Administrator, who can add users to or remove users from IDHub Roles, thereby granting or revoking privileges.

The Admin user is the superuser. It is stored in the primary store of the IDHub system and is assigned default privileges that cannot be modified.

IDHub Roles are coarse-grained, giving the user access to the user interface and its specific modules (see the table below).

Sample Access Privileges:


| Role | User Interface | Permissions | Privileges |
|---|---|---|---|
| Admin | All | All | Default IDHub user having all privileges associated with IDHub |
| SystemAdmin | Admin Console | Administer Applications | Login to Admin Console; View Dashboard; View My Profile; Permission Management; All Resource Owner; All Access Manager |
| ResourceOwner | Admin Console | Manage Applications | Login to Admin Console; View Dashboard; View My Profile; Create, Edit, Delete requests in Application Management; Manage Reconciliation Service; View My Requests; Help |
| AccessManager | Admin Console | Approve Applications | Login to Admin Console; View Dashboard; View My Profile; View, Approve, Reject My Tasks; Implement Workflow; Create, Edit, Delete Notification Templates; Pause or Resume Notification Service; Help |
| Everyone | UserApp | All | Access to all functionality in UserApp |


IDH Role Privileges, Grant or Revoke Permissions to Users

1. Go to Admin Console.
2. Navigate to Admin in the left navigation bar → Select Permission Management.
3. IDHub Roles are displayed in the "Select a Role" page. Select a Role to view or modify its privileges.
4. View, add, or remove members from the Role.
5. Save Changes.

Note: It is recommended that a Trusted User Source be integrated with IDHub before using the Permission Management functionality.