IBM OpenPages Folder Based Security

The first step to understanding security in OpenPages is to understand the folder structures in OpenPages.

One type of folder structure is the entity folder structure.

Each entity instance created in OpenPages resides in its own folder

Nearly all other object types have one folder per object type (there are some exceptions).

In each object type folder there is a complete entity hierarchy folder structure

Object instances reside in the various entity folders

Every object instance has a field labeled Folder.

This field may not be exposed to all users.

The field shows the full path to the folder in which the instance is located.

There are two types of groups in OpenPages:

Security Domain groups

Organizational groups

Security domain groups are created by the GRC Platform when an entity is added.

These security domain groups are used as containers to which individual users and organizational groups are associated.

Security domain groups are used to assign users and organizational groups to an entity for purposes of reading, writing, deleting and associating object instances within that entity.

The security domain group screen has the following sections:

• Security Domain Information

• This is simply the name and description of the entity

• Administrators & Permissions

• Security Domains

• Groups

• Users

• Role Assignments

The group within the hierarchy to which a user is assigned a role is referred to as the Security Context Point.

By default, the security context in the GRC Platform is based upon the SOXBusEntity object type.

The security context can be extended beyond the business entity, but is beyond the scope of this training.

A user assigned to the security context point Security Domains, referred to as the hierarchy root '/', will have access to all object instances in the GRC Platform.

A user assigned to the security context point /Global Financial Services/Asia Pac, will have access to object instances in Asia Pac and the four child entities below it.