Access Control

Access Control is:

the selective restriction of access to system resources

The purpose of implementing access control is to minimize the risk of unauthorized access to system resources and information. InnowayIT Platform employs several ways to grant access to resources as shown in the figure below

figure 1: different ways of access control

A profile

outlines what resources a user can access in the system e.g. an administrator can access all the resources but an application portfolio analyst can access only application related pages

Profiles are managed by administrator in Administration > Profile page. To configure access control for a profile refer to Sidebar Configuration.

A role

describes skills with a level of authority to perform a given task. Roles are part of a hierarchy. For example CIO is a role which can access all the strategic themes but Cybersecurity Manager is a role which can access only Cybersecurity strategic theme.

Roles are managed by administrator in Administration > Role page.

Following table lists the attributes of a profile:

Attribute	Type	Description
Name
Short Description
Long Description

Following table lists the attributes of a role:

Attribute	Type	Description
Name	Text	Name of the role
Short Description
Long Description
Landing Page	Text	First page displayed to user upon login
Parent Role	ID	Id of Parent Role