Glossary | Opal

Attribute

Attributes are fields that exist on an object that says something about it.

Attribute Based Access Control (ABAC)

Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.

Authentication (AuthN)

Authentication answers the question: Who am I?

Authorization (AuthZ)

Authorization answers the question: What can I do?

Group

A group is a collection of users with a shared set of permissions.

Group Based Access Control (GBAC)

Group Based Access Control, or GBAC, is a form of authorization based on groups defined for a user.

Identity Provider

Identity Providers (IDPs) serve as the source of truth for your users (their attributes, profile pictures, etc.) and the groups they are part of.

Permissions

Permissions are the atomic building block of access. In a subject-object-verb structure of access, permissions are the verb of access.

Policy

A policy is a rule that determines access.

Resources

A resource is a fundamental part of the access vocabulary. In a subject-object-verb structure of access, a resource is the object being accessed.

Role Based Access Control (RBAC)

Role Based Access Control, or RBAC, is one type of authorization based on roles defined for a user.

Roles

A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.

SAML

When you have one user that needs access to multiple apps, you can implement single sign-on (SSO) via a SAML protocol.

SCIM

SCIM is a newer version of the SAML protocol which allows for the automation of user provisioning. Like SAML, it is a protocol that facilitates single sign-on.

Subject-Object-Verb Model of Access

It makes sense to think of access in a subject-object-verb model.

Tag

Tags are similar to attributes, but they are less structured.

Access Management 101 Glossary

Filter by: