Use cases

Here are some of the use cases of the policy-based access control.

Use case 1

Assigning an application management access to a test user.

The Britive navigation tiles are displayed as per the access granted to the user. Once an Admin creates any user, that user has bare minimal access to the app, just the MyAccess tab is available.

An Admin creates a TestUser from Admin->Identity Management tab.

To grant access to the application management for this user TestUser, follow this procedure:

1. Click on Admin->Role & Policy Management.
2. Click on Policies tab.
3. Click Add Policy to create a new policy.
4. Enter AppAdminPolicy as Policy Name.
5. Click Members-> Users.
6. Select *Test User * in the Select Users.
7. Click Permissions, select Add Existing Permission and select ApplicationAdminPermission and click Add.
8. Click Save and Enable to enable this policy.
9. Log in as a TestUser. In the navigation menu, you can see Admin along with MyAccess.
10. Click Admin to see the Application and Access Profile Management tile available to TestUser to manage all applications.

Use case 2

Adding a member (a test user) to a predefined policy TenantAdminPolicy to grant that user the system administration access.

TenantAdminPolicy is a predefined policy that provides system administration access to the assigned members. By default, root user is added to this policy. To add a test user 'TestUser' to this policy, follow this procedure:

1. Click on Admin->Role & Policy Management.
2. Click on the Policies tab.
3. Search and select TenantAdminPolicy from the list of policies.
4. Click Manage policy.
5. Click Edit to update this policy.
6. From Users -> Select Users and enter the test user name.
7. Click Save.
8. Log in using the test user to see all the system administrative access given to the user.

Use case 3

Creating a policy to give view/manage access to a particular application in Application and Access Profile Management.

We need to add two permissions in a policy:

• One permission for listing all resources (*)
• One permission for a specific application with View/Manage permission

1. Click on Admin->Role & Policy Management.
2. Click on the Permissions tab.
3. Select apps in the Consumer drop-down.
4. Click Add Permission to add customized permission.
   1. Select Applications in the Consumer list.
   2. Select All in the Resources list.
   3. Select apps.app.list in the Action list.
   4. Click Save.
5. Click Add Permission again to create a new permission.
   1. Select Applications in the Consumer list.
   2. Select a specific application from the Resources list.
   3. Select apps.app.view and apps.app.manage in the Action list.
   4. Click Save.
6. Select Policies from the Role & Policy Management.
7. Click Add Policy.
8. Enter the policy name and description.
9. In the Permissions tab, select Add Existing Permission and select the permission created just above these steps.
10. Click Add.
11. Click Save & Enable to save this customized policy.
12. Login using the test user and click the Application and Access Profile Management tile.
13. The user can access only the application selected while creating permission during step 5.2, the access is denied for the rest of the applications.