Resource access from a user's perspective

To provide security of data for a user who works within a range of tasks on specific business resources, IBM Verify Identity Governance might provide one or more roles, and membership in one or more groups.

For example, a user in a business unit often has a title, or role that has a responsibility, such as buyer. The user might also be a member of a group that provides a view of tasks that the user can do, such as regional purchasing. The relationships are illustrated in Figure 1:

Figure 1. Securing data for user access to resources
Securing data for user access to resources

Each role has a related provisioning policy and workflow to grant the user to access one or more resources, such as accounts.

Each group has a view of specific tasks, and one or more access control items that grant specific operations and permissions to do the tasks. By using a form designer applet, you can also modify the user interface that a user sees. You might remove unnecessary fields for account, service, or user attributes.