Configure Role-Based Access Control (RBAC)

Role-based access control lets you control which scopes are included in the OAuth access tokens that client applications request on behalf of users in order to access protected APIs/URLs. You create Access Management Roles and link them to scopes and to users. Consider the following example:

Example: You have created a health care API with the following scopes: prescription:fill, prescription:view, prescription:refill, tests:book, test:results, tests:post, appointments:schedule, appointments:confirm. Using this example, you want to allow the following access:
- A pharmacy: access to view, fill, and refill prescriptions
- Patients: access to schedule and confirm appointments, request prescription refills, and view test results
- The hospital: access to all scopes

To grant access to the scopes according to each user's permissions, you set up Access Management Roles for the pharmacy, patients, and the hospital, each with the corresponding scopes. You then associate these roles with your users.

Role-Based Access Control

1. Click > Security > Authorization. The Authorization page appears.

2. Select RBAC. The Access Management Roles (Role-based Access Control) page appears.

3. Click . The Add Role dialog box appears.

4. Enter a Name for the Access Management Role.

5. Enter a Description for the role.

6. Select the Parent (Role to Extend) from the drop-down list.

Note: A role can inherit its scopes from another role (that is, a parent role). If a role extends a parent role, it is also associated with all of the scopes associated with the parent.

7. Select the API/URL the role can access from the drop-down list.

8. Select the Scopes the role can access.

9. Repeat steps 7 and 8 to add additional APIs/URLs, with their scopes, to this role.

10. Click Add.
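The role hierarchy from the health care example above, modelled as an added illustration of what steps 6 to 8 configure (this is not the product's own code): each role carries per-API scopes and an optional parent it extends, and an access token issued on behalf of a user only receives the requested scopes that one of the user's roles permits. The API/URL name and the role data are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

API = "healthcare"   # constructed API/URL name for the example

@dataclass
class Role:
    """An Access Management Role: per-API scopes plus an optional parent role to extend."""
    name: str
    scopes: dict = field(default_factory=dict)   # api -> set of scopes
    parent: Optional["Role"] = None

def effective_scopes(role: Role) -> dict:
    """Union the role's own scopes with those of every ancestor (the Parent / Role to Extend).
    A parent loop would otherwise walk forever, so it is rejected explicitly."""
    result, seen, cur = {}, set(), role
    while cur is not None:
        if cur.name in seen:
            raise ValueError(f"role inheritance cycle at {cur.name!r}")
        seen.add(cur.name)
        for api, scopes in cur.scopes.items():
            result.setdefault(api, set()).update(scopes)
        cur = cur.parent
    return result

def token_scopes(user_roles, api: str, requested: set) -> set:
    """Scopes the access token may carry: only those the client requested AND that some
    role of the user permits. Scopes the user is not entitled to are dropped, not granted."""
    permitted = set()
    for role in user_roles:
        permitted |= effective_scopes(role).get(api, set())
    return requested & permitted

# Roles from the worked example (constructed data)
PHARMACY = Role("pharmacy", {API: {"prescription:view", "prescription:fill", "prescription:refill"}})
PATIENT = Role("patient", {API: {"appointments:schedule", "appointments:confirm",
                                 "prescription:refill", "test:results"}})
# The hospital extends pharmacy and adds the remaining scopes, so it ends up with all eight
HOSPITAL = Role("hospital", {API: {"tests:book", "test:results", "tests:post",
                                   "appointments:schedule", "appointments:confirm"}}, parent=PHARMACY)

if __name__ == "__main__":
    print(sorted(effective_scopes(HOSPITAL)[API]))
    # A patient asking for a fill scope only gets the refill scope their role allows
    print(token_scopes([PATIENT], API, {"prescription:refill", "prescription:fill"}))
```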