⚙️ Authorization Framework
⚙️

Authorization Framework

The new Authorization Framework allows the admins to create granular authorizations using three key aspects: User PropertiesGroups, and Policies. These three interact with each other to provide a level of control that was previously missing from Strato V1.

This framework is designed to work in conjunction with existing permission systems. For example, authorizations for users are evaluated alongside their SuccessFactors Role-Based Permissions (RBP) to determine final access rights.

This article contains the following sections:

💡

This feature is currently in Beta. Features are mostly complete, but may still be subject to change.

Users can install this feature in the Upgrade Center.


Access

Users can access User PropertiesGroups, and Policies through the Configurations drawer in the People Hub.


User Properties

User Properties store user-related information into Property fields. These fields can be manually added and modified via the People Hub or an API call, or be mapped to a data source (for example, SuccessFactors).

These Properties are used to target and filter users based on specific attributes. This will be relevant when creating Groups and Policies.

💡

Learn more about User Properties.


Groups

Groups are a collection of users with the same attributes or responsibilities. Users can be added to a group manually, or automatically via their SuccessFactors RBPs or specific conditions based on User Properties.

Groups can also have Policies attached to them, which grants these Policies to all users within the Group.

💡

Learn more about Groups.


Policies

Policies define the level of access a user or a group has over certain actions or objects within Strato. Actions of a module for selected objects and targets can be allowed or denied using Policies.

How a policy is applied depends on the user type:

  • For SuccessFactors Users: Authorizations granted via a Strato Policy are evaluated together with the user's SuccessFactors RBPs. For an SF user to perform an action, they must have permission from both systems.
  • For External Users: Only the authorizations defined in the Strato Policy apply, as these users do not have SF RBPs.

Multiple permissions can be added to a Policy.

💡

Learn more about Policies.


Related articles