Features in Access Management

applying access control templates (ACTs) to metadata objects

applying explicit controls to objects

managing repository-level controls

maintaining ACTs

The basic authorization display provides a full grid of applicable permissions and access control participants. This enables you to immediately see the entire picture, instead of having to examine the settings for only one identity at a time. You can immediately see the impact of your access control changes across identities. For example, the impact that an explicit denial for PUBLIC has on all restricted identities that do not have offsetting direct controls is immediately apparent.

For each effective permission, you can view origins information that identifies the source of the effective grant or denial.

The permissions inspector, enables you to easily and safely look up effective permissions for any user or group.

In each ACT’s definition, a usage tab lists the objects to which that ACT is directly applied. This helps you identify any gaps in your access control implementation, and helps you anticipate the impact of any changes that you make to the ACT.

The Explore Inheritance diagram enables you to identify all of an object’s access control parents. The diagram has an effective permissions overlay that helps you determine, for a specified identity and permission, where within the inheritance path access is gained or lost.

In each object’s authorization properties, a summary tab provides a simple list of any direct controls (explicit controls and directly applied ACTs) that have been set on the object. You can rearrange the list to group settings by identity, permission, or type (explicit versus ACT).