Introduction

Access Management is the set of policy-based and technology-based practices for controlling access to resources.

Getting Started 

Access management is a process as well as a set of technologies. The Grouper project's experience suggests

...

  • Examine your environment for high value access management use cases that cannot be simply solved using groups and relatively static attributes

Definitions 

General Definitions

A Group is a collection of subjects.  An example of using a group without using authorization is an email list. 

...

- Resource inheritance means that subjects which are assigned an action on a resource have other implied resources for that action (and inherited actions).  An institution's organization chart or course structure could be modeled as privilege resources.  Instructors could be granted privileges on individual courses, and deans could be granted privilege actions on entire departments or schools.  Sometimes a resource which implies other resources is referred to as a role; however, it might be that the bundle of resources qualifies a role rather than defining a new role.
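The resource inheritance described above can be sketched as a lookup that walks a resource hierarchy upward while expanding inherited actions. This is an added example, not Grouper code or its API; the resource names, subjects, actions and function names are all constructed for illustration.

```python
# Constructed sample data: resource -> parent resource (None marks the root).
RESOURCE_PARENT = {
    "school:engineering": None,
    "dept:cs": "school:engineering",
    "dept:ee": "school:engineering",
    "course:cs101": "dept:cs",
    "course:cs450": "dept:cs",
    "course:ee200": "dept:ee",
}
# Action inheritance (assumed for the example): the key action implies each listed action.
ACTION_IMPLIES = {"admin": {"grade", "read"}, "grade": {"read"}}
# Direct assignments as (subject, action, resource) triples.
ASSIGNMENTS = {
    ("dean_lee", "admin", "school:engineering"),
    ("prof_kim", "grade", "course:cs101"),
    ("chair_ortiz", "read", "dept:cs"),
}

def implied_actions(action):
    """Return the action plus every action it transitively implies."""
    seen, stack = set(), [action]
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(ACTION_IMPLIES.get(current, ()))
    return seen

def ancestors_and_self(resource):
    """Yield the resource, then each parent up to the root; reject unknown names and cycles."""
    visited = set()
    while resource is not None:
        if resource not in RESOURCE_PARENT:
            raise KeyError(f"unknown resource: {resource}")
        if resource in visited:
            raise ValueError(f"cycle in resource hierarchy at {resource}")
        visited.add(resource)
        yield resource
        resource = RESOURCE_PARENT[resource]

def is_permitted(subject, action, resource):
    """True when an assignment on the resource or an ancestor grants the action."""
    for node in ancestors_and_self(resource):
        for subj, granted, res in ASSIGNMENTS:
            if subj == subject and res == node and action in implied_actions(granted):
                return True
    return False

def effective_resources(subject, action):
    """List every resource on which the subject effectively holds the action."""
    return sorted(r for r in RESOURCE_PARENT if is_permitted(subject, action, r))
```

Listing `effective_resources` for a subject before and after changing an assignment high in the hierarchy shows how far a single grant reaches, which is the part of inheritance that is easy to miss in an access review.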

Access Control Decisions (groups, roles, privileges, and external authorization)

Overview

Applications have various access control needs to control which subjects have access to what.  This is generally for applications which require authentication, though the authorization could also apply to anonymous subjects (who would get privileges from an anonymous role). 

...