
Identity and Access Management Architecture ◾ 229
Entitlements

Without roles: Typical practice
- User: The entity requesting access to a resource. Ex: John Smith, AppXYZ
- Resource: Ex: App, database, service, and so on
- Entitlement: A permission to access a particular resource. Ex: Open table, read record, write record

Figure 17.6 A reactive approach to granting entitlements, or permissions for users to access certain resources, can grow into an entangled web of relationships that becomes increasingly difficult to visualize, much less control.

With roles: Best practice
- User:
- Resource:
- Entitlement:
- Business role:
- Application role: A logical collection ...
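The two panels of Figure 17.6 as a small model, added here as an illustration and not taken from the book: the same effective access is expressed once as direct user-to-entitlement grants and once through the chain user, business role, application role, entitlements, so the number of relationships to maintain and the cost of a revocation can be compared. All user names, role names and entitlements are constructed sample data.

```python
"""Added illustration of Figure 17.6 (constructed data, not from the book)."""
from dataclasses import dataclass, field

# An entitlement is a permission on a particular resource.
ENTITLEMENTS = [("AppXYZ", "open table"), ("AppXYZ", "read record"),
                ("AppXYZ", "write record"), ("Database", "read record")]
USERS = ["John Smith", "Ana Lopez", "Wei Chen", "Omar Haddad", "Eve Novak"]


def direct_model(users, entitlements):
    """Without roles: one relationship per (user, entitlement) grant."""
    return {u: set(entitlements) for u in users}


def relationships_direct(grants):
    """Links an administrator maintains in the direct model."""
    return sum(len(ents) for ents in grants.values())


def revoke_direct(grants, entitlement):
    """Revoking one entitlement touches every user record; returns edits made."""
    edits = 0
    for ents in grants.values():
        if entitlement in ents:
            ents.discard(entitlement)
            edits += 1
    return edits


@dataclass
class RoleModel:
    """With roles: user -> business role -> application role -> entitlements."""
    user_roles: dict = field(default_factory=dict)      # user -> {business role}
    business_roles: dict = field(default_factory=dict)  # business role -> {app role}
    app_roles: dict = field(default_factory=dict)       # app role -> {entitlement}

    def effective(self, user):
        """Resolve a user's entitlements through the role chain."""
        return {e for br in self.user_roles.get(user, ())
                for ar in self.business_roles.get(br, ())
                for e in self.app_roles.get(ar, ())}

    def relationships(self):
        """Links an administrator maintains across all three mappings."""
        maps = (self.user_roles, self.business_roles, self.app_roles)
        return sum(len(v) for m in maps for v in m.values())

    def revoke(self, entitlement):
        """Remove an entitlement from the application roles holding it; returns edits."""
        holders = [ar for ar, ents in self.app_roles.items() if entitlement in ents]
        for ar in holders:
            self.app_roles[ar].discard(entitlement)
        return len(holders)


def build_role_model(users, entitlements):
    """Hypothetical roles: one 'Analyst' business role granting one app role."""
    m = RoleModel()
    m.app_roles["AppXYZ user"] = set(entitlements)   # application role: logical collection
    m.business_roles["Analyst"] = {"AppXYZ user"}
    for u in users:
        m.user_roles[u] = {"Analyst"}
    return m
```

With five users and four entitlements the direct model carries 20 relationships and a revocation edits five records; the role model carries 10 relationships and the same revocation is a single edit, while every user's effective access is identical in both models.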