Overview

The Access Control component, along with its Admin UI subcomponent, protects the system from the unauthorized use. Access Control provides the functionality to authorize a user to access the system or services provided by the system. Admin UI provides the functionality to administer the security objects which are used by Access Control. For authorization, it verifies that a user has the authority to access individual security services. It grants this authorization only if the user's profile holds that service's set of required security rights at the time of the access request. For example, when a user requests to reset the password of another user, Access Control verifies that the requesting user has the proper right.

There are four basic objects in the Access Control system:

The following figure illustrates the relationship between the objects.

The figure explains the relationship between the four objects
There are four types of relationships among the objects:
In a Role-Based Access Control (RBAC) system,
There are three parts in the BTT Access Control:

The Lightweight Directory Access Protocol (LDAP) is supported by the Access Control. LDAP is an open industry standard, which defines a standard method for accessing and updating information in a directory. When Access Control is combined with the LDAP server, Access Control only provides the authorization function, and the user is authenticated by the LDAP server. All the information required by the authorization is stored by Access Control, and all the user information is stored by the LDAP server. Therefore, to combine Access Control with LDAP, the user authorization information should synchronize with the user authentication information, and Access Control should be able to use the authentication function of the LDAP server. See the Reference section for more details about how to synchronize Access Control with the LDAP server, and how to enable Access Control to use the authentication function of the LDAP server.