Access Control Services (ACS) are security services provided on predix platform for application developers to add granular authorization mechanisms to access web applications and services without having to add complex authorization logic to their code. ACS works in conjunction with the User Account and Authentication (UAA) security service.
Access Control Services provide the following benefits:
The Attribute Management service allows you to create attributes for users and resources.
Attributes are characteristics of a user or resource that can be used to make access-control decisions. An attribute is identified by an issuer, the entity that asserts the attribute, and a name that describes the attribute. Some example of user and resource attributes include the organization, site, and group to which a resource belongs. Attributes are used in conjunction with access-control policies for user authorization.
The Policy Management service allows you (with required privileges) to create, read, update, and delete access-control policies.
An access control policy contains a set of rules that determine the required permissions for the specified users and resources. The rules can take into consideration the user attributes, the action the user wants to perform, the resource URI, and any resource attributes that further describe the resource