Roles in IAM

Once you have created your policies you can start creating roles using those policies. This will help to restrict specific resources to different roles.

Role

A role is a collection of permissions that are assigned to a user or a group of users within the product. A role defines what actions a user or group is allowed to perform within the product, such as creating or modifying resources, accessing data, or executing scripts.

Roles are often used to group users with similar responsibilities or access needs, and can be managed and organized using various tools and features within the product. By defining roles and assigning them to users, Accelerator platform help to ensure that access to resources and data is properly controlled and managed, and that data security and integrity are maintained.

Users can be assigned one or more roles within the product, depending on their responsibilities and access needs. By assigning roles to users, root user can control the actions that users are allowed to perform, and ensure that access to resources and data is limited to those who need it.

There are multiple attributes offered by the platform to help you create roles. Here is a list of all the attributes of a role.

Example 1 of role name "StudentProfileAccess" for Student Management System giving access to "read" and "write" to "firstName", "lastName" and "dob" of object "Students"

// Example Provider Role that contains multiple policies
// It includes two policies named as "<Provider-Data-Access-Policy-Id>" and
// "<Providers-Access-To-Patients-Data-Policy-Id>"
{ 
    "name": "Provider", 
    "policies": [ 
      "<Provider-Data-Access-Policy-Id>", 
      "<Providers-Access-To-Patients-Data-Policy-Id>" 
    ] 
  }