Identity and Access Management (IAM)

IAM Service provides out-of-the-box identity and access management.

Here you can find an overview of the Emporix identity and access management (IAM) concept, along with its features and benefits.

Looking for code tutorials? Check out the .
Looking for API reference? Check out the in the Emporix API Reference.

Purpose

The IAM feature has been introduced to help you control the user access level in specific services. By defining clear-cut roles and permissions, you can be sure that unauthorized users won't be able to modify or view sensitive data. We have prepared a set of predefined access control templates so that you can get started quickly.

Features

The Emporix IAM concept introduces a set of features that make identity and access management easier:

Feature

Description

User types

For a tenant, there are two types of users available: customers and employees of that tenant.

Employee groups

Employee groups aggregate employees of a tenant that share the same access control within a particular service and resource. By assigning an employee to a particular group, you grant them a specific access control level. Access controls are applied to both the Emporix Management Dashboard and the APIs through scopes. To learn more about scopes, check out the Authorization and scopes guide.

Access controls and access control templates

Access controls combine both resources and roles. For example, a user with a manager role can view, create, delete, and edit resources within a service. You can use access control templates that contain predefined settings for roles. For more information, check out Access control templates.

Resources

Objects within Emporix API services, for example area and time resources in the Delivery Service.

Roles

Roles encapsulate predefined permissions that allow users to perform actions on resources within services. For example, a user with a manager role can create, view, edit, and delete resources within a service.

Permissions

Permissions define what actions a user with a specific role can perform on resources within services. For example, a service might have permissions to perform the following actions on a resource: view, create, delete, and edit.

Localized fields

When creating or updating a group, permission, or role, you can specify its name and description in multiple languages.

Overview

The following diagram presents an example of the information flow in the IAM Service.

For example, a "Catalog editors" user group may comprise of users granted edit, create, and view permissions within the Catalog resource in the Catalog service.

Access control templates

Emporix provides you with several predefined access control templates that you can apply to a group:

Name

Service/Resource

Catalog Manager

Catalog
Category
Product
Product template
Label
Brand
Supplier
Webhook

Pricing Manager

Price Model
Price List
Tax
Unit

Order Fulfillment Manager

Customer
Order
SEPA
Return
Checkout
Site

PreviousAuthentication and Authorization NextAuth0

Last updated 1 month ago

Was this helpful?