Applications, permissions, roles, and users
Identity Cloud provides options for managing permissions and roles between applications and users.
Keep in mind the following structure of applications, permissions, roles, and users:
- You can create permissions specifically for applications.
- Permissions cannot be directly assigned to users. First, the permissions need to be logically collected in a role. You can then assign the role to a user.
- A user with one role can have multiple permissions to multiple applications.
- Permissions are tied to applications. Permissions determine the granular functionality of an application.
- Users can have multiple roles, which themselves can have multiple permissions to multiple applications.
To connect application permissions to a role and then the role to a user, you have to configure:
- Applications and their Permissions
- Roles and their Assigned permissions
- Users and their assigned roles.
This section gives you a high-level overview of the process. You can find detailed descriptions for each sub-step by following the links below.
- In Application management > Applications, add applications that your users need access to, such as an end-user portal, customer ticketing tool, or possibly your phone directory or sales lead management tool.

- In the Permissions tab of the applications, create a permission or a set of permissions for these applications.

- In User management > Roles, create one or more roles and edit each role so that it defines the functional tasks each group of your users needs to perform.

- Assign one or more permissions to the roles, clearly identifying which of the applications the users with these roles will be able to access.

- In User management > Users, create the users or select those existing ones for which you want to define the access rights.

- In the Roles tab of the users, assign their roles.
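
Once these steps are done, a user's access is the union of the permissions of all assigned roles, grouped by application. The following added example (not Identity Cloud code and not its API) models that structure in memory and resolves a user's effective access for an access review. All class, function, application, permission, and role names are hypothetical, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    application: str  # every permission is tied to exactly one application
    name: str


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)


@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)  # users hold roles, never permissions


def effective_access(user):
    """Return {application: {permission: [roles granting it]}} for a user."""
    access = defaultdict(lambda: defaultdict(list))
    for role in user.roles:
        for perm in role.permissions:
            access[perm.application][perm.name].append(role.name)
    return {app: {p: sorted(r) for p, r in perms.items()} for app, perms in access.items()}


def redundant_grants(user):
    """Permissions that reach the user through more than one role (review candidates)."""
    return sorted(
        (app, perm, roles)
        for app, perms in effective_access(user).items()
        for perm, roles in perms.items()
        if len(roles) > 1
    )


# Constructed sample data: two applications, three permissions, two roles, one user.
ticket_read = Permission("ticketing", "read")
ticket_close = Permission("ticketing", "close")
portal_login = Permission("portal", "login")
support = Role("support-agent", {ticket_read, ticket_close, portal_login})
auditor = Role("auditor", {ticket_read})
alice = User("alice", [support, auditor])
```

Removing the hypothetical `auditor` role from `alice` would not revoke `ticketing/read`, because `support-agent` still grants it; `redundant_grants` surfaces exactly these overlaps.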
