Role-based access control uses identities with various attributes to automatically
manage access control. Defining provisioning policies ensures that people in your organization
always have up-to-date access permission levels. If an employee changes job title or department,
or moves to a different site, the system automatically adjusts their access when their identity
attributes are changed.
Role-based provisioning policies can be used to automatically assign or revoke access in
different situations:
Grant or revoke access based on employees' locations.
Grant or revoke access based on specific roles or job titles in the organization, or who they report to.
Grant access to a zone only if people have specific training or certifications.
Grant or revoke access based on a list of custom attributes synchronized from an
external source.
Note: Many other scenarios might also be possible depending on your requirements and
current setup. You can also manually add, modify, or remove access at any time.
What is an identity?
An identity is much more than the profile of a cardholder; it is a unique digital
profile. The identity represents a person that either has an access control badge, uses the
self-service portal, or both.
Note: In ClearID, a visitor or a temporary badge holder is not
an identity.
An identity is a person who has a permanent badge assigned to them.
A visitor is a person who has a paper badge or a temporary badge credential assigned
to them.
A contractor can be either an identity or a visitor. When a contractor is defined as
a visitor, they receive a one-day HID card entered as a visitor in ClearID.
Access is typically permanent for employees, semi-permanent for contractors, and
temporary for guests.
Identity attributes
Role-based access control relies on policies (provisioning rules) that automatically assign
rights to identities (people) based on attributes (traits or
characteristics).
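As an added illustration (not ClearID code or its API), the sketch below models provisioning policies as attribute conditions and computes which zones to grant or revoke when an identity's attributes change. The `Policy` class, the attribute and zone names, the sample identities, and the rule that manually assigned zones are never revoked by a policy are all assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical provisioning rule: grant `zone` when all conditions hold."""
    zone: str
    match: dict                              # attribute -> required value
    required_certs: frozenset = frozenset()  # training needed before access

    def applies_to(self, identity: dict) -> bool:
        # A missing attribute never matches, so access is denied by default.
        attrs_ok = all(identity.get(k) == v for k, v in self.match.items())
        held = set(identity.get("certifications", ()))
        return attrs_ok and self.required_certs <= held

def entitled_zones(identity, policies):
    """Zones the identity should hold according to the policies alone."""
    return {p.zone for p in policies if p.applies_to(identity)}

def reconcile(identity, policies, current, manual=frozenset()):
    """Return (grant, revoke) that moves `current` access to the policy result.
    Assumption: zones listed in `manual` were assigned by hand and are kept."""
    wanted = entitled_zones(identity, policies) | set(manual)
    return wanted - set(current), set(current) - wanted

# Constructed sample policies: location, department, and a certification gate.
POLICIES = [
    Policy("montreal-lobby", {"location": "Montreal"}),
    Policy("finance-office", {"location": "Montreal", "department": "Finance"}),
    Policy("server-room", {"job_title": "Network Engineer"},
           frozenset({"datacenter-safety"})),
]

# Constructed identity before and after a department and job title change.
before = {"location": "Montreal", "department": "Finance",
          "job_title": "Analyst", "certifications": []}
after = {**before, "department": "IT", "job_title": "Network Engineer"}

current = entitled_zones(before, POLICIES)
grant, revoke = reconcile(after, POLICIES, current)
print("grant:", sorted(grant), "revoke:", sorted(revoke))
```

After the role change, the finance zone is revoked immediately, while the server room is withheld until the required certification appears on the identity.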
The life cycle of an identity
In ClearID, the entire life cycle of an identity can be automatically managed.
The following diagram illustrates the life cycle of an identity when a provisioning policy
is activated: