Applications, permissions, roles, and users

Identity Cloud provides options for managing permissions and roles between applications and users.

Keep in mind the following structure of applications, permissions, roles, and users:

• You can create permissions specific for applications.
• Permissions cannot be directly assigned to users. First, the permissions need to be logically collected in a role. You can then assign the role to a user.
• A user with one role can have multiple permissions to multiple applications.
• Permissions are tied to applications. Permissions determine the granular functionality of an application.
• Users can have multiple roles, which themselves can have multiple permissions to multiple applications.

To connect application permissions to a role and then the role to a user, you have to configure:

• Applications and their Permissions
• Roles and their Assigned permissions
• Users and their assigned roles.

This section gives you a high-level overview of the process. You can find detailed descriptions for each substep by following the links below.

1. In Application management > Applications, add an application that you want to provide access to for some of your users, such as an end-user portal, customer ticketing tool, or possibly your phone directory or sales lead management tool.

2. In the Permissions tab of the application, create a permission or a set of permissions to these applications.

3. In User management > Roles, create a role that defines the functional tasks each group of your users needs to perform.

4. Assign a permission to the role that clearly identifies which application users with these roles will be able to access.

5. In User management > Users, create a user or select an existing user whose access rights you want to define.

6. In the Roles tab of the user, assign the roles to the user.