Role-based access control uses identities with various attributes to automatically
manage access control. Defining provisioning policies ensures that people in your organization
always have up-to-date access permission levels. If an employee changes job title, department,
or moves to a different site, the system automatically adjusts their access when their identity
attributes are changed.
Role-based provisioning policies can be used to automatically assign or revoke access in
different situations:
Grant or revoke access based on employees locations.
Grant or revoke access based on specific roles or job titles in the organization, or who they report to.
Grant access to a zone only if people have specific training or certifications.
Grant or revoke access based on a list of custom attributes synchronized from an
external source.
NOTE: Many other scenarios might also be possible depending on your requirements and
current setup. You can also manually add, modify, or remove access at any time.
What is an identity?
In Genetec ClearID™, an
identity represents a person and defines what they can do across various platforms,
security systems, business systems, and functions. Each identity has one or more access
control badges (credentials) and is linked to a cardholder in Synergis™. For example, these credentials could be a
Windows user (Active Directory), an employee (Human Resources and Payroll), a sales
person (CRM and Quoting Tool), and a cardholder (Physical Security).
An identity is much more than the profile of a cardholder, it is a unique digital
profile. The identity represents a person that either has an access control badge, uses the
self-service portal, or both.
NOTE: In ClearID, a visitor or a temporary badge holder is not
an identity.
An identity is a person who has a permanent badge assigned to them.
A visitor is a person who has a paper badge or a temporary badge credential assigned
to them.
A contractor can be either an identity or a visitor. When a contractor is defined as
a visitor, they receive a one-day HID card entered as a visitor in ClearID.
Access is typically permanent for employees, semi-permanent for contractors, and
temporary for guests.
Identity attributes
In Genetec ClearID™,
attributes are the traits or characteristics that make up an identity. Examples of
attributes include department, location, role, seniority, pay grade, training
certifications, and security clearance.
Role based access control relies on policies (provisioning rules) that automatically assign
rights to identities (people) based on attributes (traits or
characteristics).
In Genetec ClearID™, a role
manager is an identity that has authority over who is assigned to a role. A role manager
can add people to and remove people from a role. They are also responsible for role
access review approvals.
The life cycle of an identity
In ClearID, the entire life cycle of an identity can be automatically managed.
The following diagram illustrates the life cycle of an identity when a provisioning policy
is activated: