Applications, permissions, roles, and users

Identity Cloud provides options for managing permissions and roles between applications and users.

Keep in mind the following structure of applications, permissions, roles, and users:

  • You can create permissions specifically for applications.
  • Permissions cannot be directly assigned to users. First, the permissions need to be logically collected in a role. You can then assign the role to a user.
  • A user with one role can have multiple permissions to multiple applications.
  • Permissions are tied to applications. Permissions determine the granular functionality of an application.
  • Users can have multiple roles, which themselves can have multiple permissions to multiple applications.

To connect application permissions to a role and then the role to a user, you have to configure:

  • Applications and their Permissions
  • Roles and their Assigned permissions
  • Users and their assigned roles.

This section gives you a high-level overview of the process. You can find detailed descriptions for each sub-step by following the links below.

  1. In Application management > Applications, add applications that your users need access to, such as an end-user portal, customer ticketing tool, or possibly your phone directory or sales lead management tool.
  2. In the Permissions tab of the applications, create a permission or a set of permissions for these applications.
  3. In User management > Roles, create or edit one or more roles that define the functional tasks each group of your users needs to perform.
  4. Assign one or more permissions to the roles, clearly identifying which of the applications the users with these roles will be able to access.
  5. In User management > Users, create the users, or select the existing users, for whom you want to define access rights.
  6. In the Roles tab of the users, assign their roles.
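
The chain these steps configure, modeled as an added example (not Identity Cloud's code or API): permissions are created per application, collected into roles, and reach users only through roles, so an access review can list each user's effective permissions together with the roles that grant them. The class, method, application, permission, role and user names are all hypothetical.

```python
from collections import defaultdict

class AccessModel:
    def __init__(self):
        self.app_permissions = defaultdict(set)   # application -> permission names
        self.role_permissions = defaultdict(set)  # role -> {(application, permission)}
        self.user_roles = defaultdict(set)        # user -> role names

    def add_permission(self, app, permission):
        # Permissions are created for a specific application.
        self.app_permissions[app].add(permission)

    def assign_permission(self, role, app, permission):
        # A role may only collect permissions that exist on an application.
        if permission not in self.app_permissions.get(app, ()):
            raise ValueError(f"{permission!r} is not defined for application {app!r}")
        self.role_permissions[role].add((app, permission))

    def assign_role(self, user, role):
        # Users receive roles only; there is deliberately no user -> permission method.
        if role not in self.role_permissions:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles[user].add(role)

    def effective_permissions(self, user):
        """Return {application: {permission: [granting roles]}} for an access review."""
        result = defaultdict(lambda: defaultdict(list))
        for role in sorted(self.user_roles.get(user, ())):
            for app, permission in self.role_permissions[role]:
                result[app][permission].append(role)
        return {app: dict(perms) for app, perms in result.items()}

    def is_allowed(self, user, app, permission):
        return permission in self.effective_permissions(user).get(app, {})

def build_sample():
    # Constructed sample data: every application, permission, role and user is invented.
    m = AccessModel()
    m.add_permission("ticketing", "ticket.read")
    m.add_permission("ticketing", "ticket.close")
    m.add_permission("phone-directory", "entry.read")
    m.assign_permission("support-agent", "ticketing", "ticket.read")
    m.assign_permission("support-agent", "ticketing", "ticket.close")
    m.assign_permission("employee", "phone-directory", "entry.read")
    m.assign_permission("employee", "ticketing", "ticket.read")
    m.assign_role("alice", "support-agent")
    m.assign_role("alice", "employee")
    m.assign_role("bob", "employee")
    return m
```

Listing the granting roles per permission shows where two roles overlap, which matters when a role is later removed from a user: the permission stays in effect as long as any other assigned role still carries it.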