Introduction to identity management and access control

LUSID’s role-based access management system (RBAC) is designed to give you precise control over who can do what in your LUSID domain. It consists of two separate but interrelated systems: 

• The identity management system controls how users authenticate (that is, sign in) to LUSID 
• The access control system controls which LUSID datasets and features users are permitted to access once authenticated. 

The best place to start is with our white paper explaining how these systems work together.

Note: You can transition LUSID to a user-based access management system (UBAC) if you do not need to model professional responsibilities as roles. More information.  

Your ability to administer these systems is subject to access control permissions itself, but assuming you have sufficient privileges you can use the Identity and Access menu in the LUSID web app:

Alternatively, you can interact with these systems programmatically using a variety of API and SDK resources.
 

Explanation: Understand the big picture

• Understanding how LUSID’s identity management and access control systems work
• RBAC vs UBAC: Setting up user-based access control for LUSID
• Understanding access metadata (AMD)

Reference: Understand concepts and implications 

• What are a personal user and a service user?
• What is a user ID, and how do I discover it?
• What is a role?
• What are a policy and a policy collection?
• When do changes to a user's permissions take effect?
• What are an API access token and a client secret?
• What is a personal access token?
• What default roles and policies are provided with LUSID?
• What API and SDK resources are available for IAM?
• Using SSO with LUSID
• Provisioning LUSID using Okta and SCIM
• Setting up a schedule, subscription or other activity on behalf of a service user