Application permissions and roles in PingOne help you centralize access control, making it easier to quickly and repeatedly assign permissions to users and adjust them as your business needs change.

With access control based on permissions, you define permissions for application features, then group these permissions into roles. Assigning roles to users grants access to features and API resources. This is commonly known as role-based access control (RBAC).

Resources and permissions

Applications are built on top of APIs, and application features are often represented as API operations. Accordingly, you define permissions against an API. Application resources are the things that you want to protect in your API or application. An application permission specifies an action that a user can perform on an application resource. For example, if you have an invoicing application, you might define an invoice resource with permissions to view, create, pay, and void invoices.
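The model described above, sketched as an added example (not PingOne's own code or API): permissions on the invoice resource are grouped into roles, and each API operation is checked against the caller's roles with deny by default. The role names, the `resource:action` permission format, and the API paths are assumptions made for illustration.

```python
import re

# Permissions on the page's example "invoice" resource ("resource:action" is an assumed format).
PERMISSIONS = {"invoice:view", "invoice:create", "invoice:pay", "invoice:void"}

# Hypothetical roles that group those permissions.
ROLES = {
    "invoice-viewer": {"invoice:view"},
    "billing-clerk": {"invoice:view", "invoice:create"},
    "accounts-payable": {"invoice:view", "invoice:pay", "invoice:void"},
}

# Hypothetical API operations, each mapped to the single permission it requires.
OPERATIONS = [
    ("GET", re.compile(r"/invoices/[^/]+"), "invoice:view"),
    ("POST", re.compile(r"/invoices"), "invoice:create"),
    ("POST", re.compile(r"/invoices/[^/]+/pay"), "invoice:pay"),
    ("POST", re.compile(r"/invoices/[^/]+/void"), "invoice:void"),
]

def validate_roles():
    """Return names of roles that reference a permission not defined on the resource."""
    return sorted(name for name, perms in ROLES.items() if not perms <= PERMISSIONS)

def effective_permissions(user_roles):
    """Union of the permissions of the user's roles; unknown role names grant nothing."""
    granted = set()
    for role in user_roles:
        granted |= ROLES.get(role, set())
    return granted

def required_permission(method, path):
    """Permission an API operation requires, or None when the operation is unmapped."""
    for op_method, pattern, permission in OPERATIONS:
        if method.upper() == op_method and pattern.fullmatch(path):
            return permission
    return None

def is_allowed(user_roles, method, path):
    """Deny by default: unmapped operations and missing permissions are both refused."""
    needed = required_permission(method, path)
    return needed is not None and needed in effective_permissions(user_roles)
```

Because the decision depends only on the role-to-permission mapping, changing what a role can do means editing `ROLES` once rather than touching each user.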

Configuring application permissions

Complete the following steps to configure and enforce application permissions:

Extending access control

When your access control needs progress beyond static permissions, you can leverage real-time contextual information in your access control decisions. Fine-grained authorization policies can factor in a range of contextual attributes, including user characteristics, environment properties such as location and time, and risk signals.

You can use PingOne's API Access Management capabilities in conjunction with application permissions to satisfy these access control requirements. For more information, see API services.