Entitlement

Concepts in Access Management

For conceptual background, see How Access Management Works.

See a list of policies associated with a user.

  1. On the Users tab, select a user to see information about the policies for which the user has permissions.

  2. On the Resources tab, select a resource to see information about the policies that govern access to that resource.

Users

On the Entitlement page, under the Users tab, select the User (e.g. padmin) from the drop-down. This drop-down auto-populates with a list of Access Management users.

Based on the selected user, the Entitlement page displays the relationship between user and policy in a tabular format.

The following are the columns under the Users tab:

  • Details: This column allows you to expand and view the policy details with the following sub-columns:

    • Policy ID: This indicates the policy's unique ID. Clicking this ID drills down into the policy and opens the edit policy page, where you can edit the policy and save it.

    • Policy Name: This indicates the policy name.

    • Policy Labels: This indicates the policy labels. 

    • Roles: This indicates the role name (if any). 

    • Groups: This indicates the group name (if any).

    • Users: This indicates the user name (if any). 

    • Action: This sub-column contains the following 3 action items:

      • View: Using this option, you are allowed to view the policy in read-only format.

      • Edit: Using this option, you are allowed to edit the policy and save it.

      • Delete: Using this option, you are allowed to delete the policy.

  • Service: This indicates the name of the service, such as privacera_adls, privacera_hive, etc.

  • Resource: This indicates the resource path/name which is associated with the selected user. 

  • Permissions: This indicates the list of permissions associated with the selected user such as read, write, meta read, delete, etc.

  • Policy Count: This indicates the count of direct and indirect policies based on the selected user.

What is Direct & Indirect Relationship?

A direct relationship denotes that the user is attached directly to the policy or resource. The direct relationship legend is displayed in green, along with the count of Group, Roles, and Policies. Consider the following example:

  • Suppose there is a user (Mark), and a role (Project_Alpha) where the user is defined as Mark.

  • On the Entitlement page, if you select Mark as the user, Project_Alpha is listed under the Role drop-down because it is directly mapped to the user Mark.

An indirect relationship denotes that the user is mapped indirectly to the policy or resource. The indirect relationship legend is displayed in yellow, along with the count of Group, Roles, and Policies. Consider the following example:

  • Suppose there is a user (Mark), and a role (Project_Beta) that contains 'Role1' as Role.

  • On the Entitlement page, if you select Mark as the user, Project_Beta is listed under the Role drop-down because it is indirectly mapped to the user Mark through 'Role1': under Role1, Mark is defined as a user.
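
The direct and indirect classification described above, as an added example that is not Privacera code: it walks nested role membership for a user, labels each role direct or indirect, and generalizes the one-level case in the text to any nesting depth, including circular nesting. The dictionary layout, the `classify_roles` name and the `Audit_Root`, `Audit_Leaf` and `Unrelated` roles are assumptions constructed for illustration; Mark, Project_Alpha, Project_Beta and Role1 come from the examples above.

```python
from collections import deque

# Constructed sample data (hypothetical model, not a Privacera export):
# each role lists the users and the nested roles it contains.
ROLES = {
    "Project_Alpha": {"users": {"Mark"}, "roles": set()},
    "Role1": {"users": {"Mark"}, "roles": set()},
    "Project_Beta": {"users": set(), "roles": {"Role1"}},
    # Constructed circular nesting, to show the walk terminates.
    "Audit_Root": {"users": set(), "roles": {"Project_Beta", "Audit_Leaf"}},
    "Audit_Leaf": {"users": set(), "roles": {"Audit_Root"}},
    "Unrelated": {"users": {"Alice"}, "roles": set()},
}


def classify_roles(user, roles):
    """Return {role: (kind, path)} for every role that reaches `user`.

    kind is "direct" when the user is listed in the role itself and
    "indirect" when the user is reached only through nested roles.
    path is the chain of roles from the direct one to this role.
    """
    # Reverse the nesting edges: nested role -> roles that contain it.
    parents = {}
    for name, spec in roles.items():
        for child in spec["roles"]:
            parents.setdefault(child, set()).add(name)

    result = {}
    queue = deque()
    for name in sorted(roles):
        if user in roles[name]["users"]:
            result[name] = ("direct", [name])
            queue.append(name)

    # Breadth-first walk upward gives the shortest chain to each role.
    while queue:
        current = queue.popleft()
        for parent in sorted(parents.get(current, ())):
            if parent in result:  # already classified; also breaks cycles
                continue
            result[parent] = ("indirect", result[current][1] + [parent])
            queue.append(parent)
    return result


if __name__ == "__main__":
    for role, (kind, path) in sorted(classify_roles("Mark", ROLES).items()):
        print(f"{role:14} {kind:9} via {' -> '.join(path)}")
```

In an access review, the path shows which nested role to change in order to remove an indirect grant.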

Search Options:

  • User: This option auto-populates with the list of users defined under the Access Management module.

  • Group: This option auto-populates with the list of groups defined under the Access Management module.

  • Role: This option auto-populates with the list of roles defined under the Access Management module. This list contains the roles directly or indirectly associated with the selected user.

  • Zone: This option auto-populates with the list of zones defined under the Access Management module.

  • Resource: This option allows you to filter the entitlement records by resource name. For example: container-1

  • Service: This option auto-populates with the list of services that are present under the Access Management module.