Permission Assignments

Ultimately the user will be assigned permissions through policy evaluation, whereby the user is assigned one or more Application Role that in turn groups one or more Permission.

When you select a Permission from the permission listing, you are taken to a page to manage the roles this permission is assigned to. You’ll be presented with the list of available roles to select, as discussed in this section.

Assigning Permissions

Select the Permission from the permission listing and from the Manage Permission page select Role Assignments tab and select from the list of roles presented to assign the permission to the role.

To assign claims to permission select Claim Assignments tab and add claims to permission

Do this for each permission in order to assign them to a role.

Assigning Permissions for Child Policies

When managing a Child Policy, you will see a list of permissions created for the Child Policy in addition to permissions created for each parent policy in the hierarchy.

If you select a Permission that was created for this Child Policy, you will be able to assign the Permission to roles created for this Child Policy, or roles created for any parent policy in the hierarchy.

Inherited Permission Assignments

A parent in the policy hierarchy may assign a Permission to an application role in the policy hierarchy.

When you manage a Child Policy, if you select a Permission created by a parent in the policy hierarchy to create permission assignments at this level, you will see any inherited permission assignments and cannot remove those assignments. You will be able to assign the permission to roles that are not already selected.

The same is applied on the claims assignments, if there was claims in the parent policy hierarchy, you will see inherited claims assignments and cannot remove or edit those assignments