Authorization in nevisIDM
In nevisIDM, there are two kinds of authorization: functional authorization and data room authorization. Functional authorization decides whether a user is authorized to execute a certain operation. Data room authorization decides which client, unit and application data a user can modify.
Authorization is checked before every operation. In some cases, you may need extra privileges for a specific function, depending on the data to which the function is applied, e.g., automated creation of profiles.
Functional authorizations can also be restricted to specific attributes by fine-grained permissions. For example, the Helpdesk role can be restricted to have access to the user state only.
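The following added example is a simplified model of how the three checks described above combine; it is not nevisIDM code or its API. It assumes that an operation is allowed only when the functional, data room and fine-grained checks all pass, and the operation names, `ClientA` and `Support` are constructed for illustration.

```python
from dataclasses import dataclass, field

# Simplified model for illustration; all names are constructed, not nevisIDM identifiers.
@dataclass
class Grant:
    operation: str                                   # functional authorization
    data_room: dict = field(default_factory=dict)    # e.g. {"client": {...}, "unit": {...}}
    attributes: frozenset = frozenset()              # fine-grained limit; empty = no limit

@dataclass
class Role:
    name: str
    grants: list = field(default_factory=list)

def in_data_room(grant, target):
    # Every dimension of the target must be listed explicitly (deny by default).
    return bool(target) and all(
        value in grant.data_room.get(kind, ()) for kind, value in target.items())

def authorize(role, operation, target, attributes=()):
    """Return (allowed, reason); allowed only if one grant passes every check."""
    reason = f"no functional authorization for {operation}"
    for grant in role.grants:
        if grant.operation != operation:
            continue
        if not in_data_room(grant, target):
            reason = "target outside data room"
            continue
        blocked = set(attributes) - grant.attributes if grant.attributes else set()
        if blocked:
            reason = "attributes not permitted: " + ", ".join(sorted(blocked))
            continue
        return True, "allowed"
    return False, reason

# Constructed sample: a Helpdesk role limited to the user state in one client and unit.
HELPDESK = Role("Helpdesk", [
    Grant("user.modify", {"client": {"ClientA"}, "unit": {"Support"}}, frozenset({"state"})),
])
TARGET = {"client": "ClientA", "unit": "Support"}

if __name__ == "__main__":
    print(authorize(HELPDESK, "user.modify", TARGET, ["state"]))
    print(authorize(HELPDESK, "user.modify", TARGET, ["state", "email"]))
    print(authorize(HELPDESK, "user.modify", {"client": "ClientB", "unit": "Support"}, ["state"]))
    print(authorize(HELPDESK, "user.delete", TARGET))
```

Returning the reason alongside the decision lets an audit log record which of the three checks rejected a request.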