Authentication and authorization

This topic provides a general overview of authentication and authorization and introduces

Some content is unavailable due to permissions.

's (BAO) authentication and authorization system.

• Authentication is the mechanism used to securely identify users. It relates to how users sign into

  Some content is unavailable due to permissions.

  .
• Authorization is the mechanism used to grant users access to

  Some content is unavailable due to permissions.

  components and content and control what users are allowed to do with components and content.

Authentication

Authentication is the method used to securely identify users. A user is the entity signing into the system (

Some content is unavailable due to permissions.

). Authentication for 

Some content is unavailable due to permissions.

does the following:

• Identifies

  Some content is unavailable due to permissions.

  users.
  The authentication system stores information about users to identify them. A user name, login name, and password is associated with a user.
• Determines if the user attempting to sign into

  Some content is unavailable due to permissions.

  is a valid user who is allowed to sign into

  Some content is unavailable due to permissions.

  .

Authentication systems may use other entities to organize users, including the following:

• Groups are ways of combining users in a way that is meaningful to an organization.
• Organizations are ways of combining users and groups in a meaningful way. An organization might be a group of users in a company, an entire company, a consortium, society, or some other institution.

Some content is unavailable due to permissions.

authentication options

For information about the authentication options available with 

Some content is unavailable due to permissions.

Platform, see Installing-an-authentication-service. If you are upgrading from an earlier version of

Some content is unavailable due to permissions.

, refer to the appropriate upgrade section in Upgrading and the authentication information for that upgrade.

The way that you set up and use authentication varies based on the authentication option your organization uses. This wiki provides instructions for each option. Ensure that you use the instructions for your authentication type.

Authorization

Authorization is the system used to control access to resources. In 

Some content is unavailable due to permissions.

authorization controls access to components and content. 

Some content is unavailable due to permissions.

uses a role-based access control (RBAC) to control access to components and content.

In a typical RBAC system:

• Roles are created that align with job functions or tasks typically performed by users. 
• Permissions are set up to control access to resources, such as read, write, execute, delete.
• Permissions are associated with roles, which controls the roles access to resources.
• Users, groups, or organizations (whatever entities used in your authentication system) are assigned to roles, which grants users access to the resources associated with the roles when the users are logged into the system. (

  Some content is unavailable due to permissions.

  7.9 uses users and they must be assigned to roles.)

Related topics

Managing-users-roles-and-permissions