Applications, permissions, roles, and users
Identity Cloud provides options for managing permissions and roles between applications and users.
Keep in mind the following structure of applications, permissions, roles, and users:
- You can create permissions specific to applications.
- Permissions cannot be directly assigned to users. First, the permissions need to be logically collected in a role. You can then assign the role to a user.
- A user with one role can have multiple permissions to multiple applications.
- Permissions are tied to applications. Permissions determine the granular functionality of an application.
- Users can have multiple roles, which themselves can have multiple permissions to multiple applications.
To connect application permissions to a role and then the role to a user, you have to configure:
- Applications and their Permissions
- Roles and their Assigned permissions
- Users and their assigned roles.
This section gives you a high-level overview of the process. You can find detailed descriptions for each substep by following the links below.
- In Application management > Applications, add an application that you want to provide access to for some of your users, such as an end-user portal, customer ticketing tool, or possibly your phone directory or sales lead management tool.

- In the Permissions tab of the application, create a permission or a set of permissions for the application.

- In User management > Roles, create a role that defines the functional tasks each group of your users needs to perform.

- Assign a permission to the role that clearly identifies which application users with these roles will be able to access.

- In User management > Users, create a user or select an existing user whose access rights you want to define.

- In the Roles tab of the user, assign the roles to the user.
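
The resulting application, permission, role, and user structure can be modelled offline to review who ends up with which access. The following is an added example, not Identity Cloud code or its API; all application, permission, role, and user names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; application, permission, role and user names are hypothetical.
PERMISSIONS = {  # permission -> the one application it is tied to
    "ticket.read": "ticketing",
    "ticket.close": "ticketing",
    "lead.read": "sales-leads",
    "lead.export": "sales-leads",
    "directory.read": "phone-directory",
}
ROLES = {  # role -> permissions collected in it (may span applications)
    "support-agent": {"ticket.read", "ticket.close", "directory.read"},
    "sales-rep": {"lead.read", "directory.read"},
    "sales-manager": {"lead.read", "lead.export"},
}
USERS = {  # user -> assigned roles (permissions are never assigned directly)
    "alice": {"support-agent"},
    "bob": {"sales-rep", "sales-manager"},
    "carol": set(),
}


def validate(permissions, roles, users):
    """Return model violations: undefined permissions in roles, undefined roles on users."""
    problems = []
    for role, perms in roles.items():
        for p in sorted(perms - set(permissions)):
            problems.append(f"role {role!r} references undefined permission {p!r}")
    for user, assigned in users.items():
        for r in sorted(assigned - set(roles)):
            problems.append(f"user {user!r} is assigned undefined role {r!r}")
    return problems


def effective_access(user, permissions, roles, users):
    """Resolve user -> roles -> permissions, grouped by application."""
    access = defaultdict(set)
    for role in users[user]:
        for perm in roles.get(role, ()):
            if perm in permissions:
                access[permissions[perm]].add(perm)
    return dict(access)


def holders_of(permission, roles, users):
    """Access review: which users reach a permission, and through which roles."""
    granting = {r for r, perms in roles.items() if permission in perms}
    return {u: sorted(assigned & granting) for u, assigned in users.items() if assigned & granting}
```

`holders_of` answers the access-review question in reverse: before adding a sensitive permission to an existing role, it shows every user who would inherit it.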
