How does Access Manager support dynamic access control, that is, render complex decisions based on real-time data or application knowledge?
A highly extensible policy framework in Access Manager supports plug-ins in the identity repository. Subsequently, Access Manager can retrieve user data from other systems at runtime. You can also add policy-based response attributes to responses through response providers. Furthermore, you can extend Access Manager with the APIs to integrate with other applications for dynamic access control. A new capability in Access Manager enables the retrieval of user profiles at policy decision time. User profile attributes can be either static or dynamic. You define the static attributes within the policy and retrieve the dynamic ones at policy evaluation time, thus enabling attribute-based access control (ABAC). In addition, you can create referral policies that delegate policy management privileges to another entity, such as a peer realm, a subrealm, or even a third-party product. Finally, Access Manager supports elevated (step-up) authentication according to the resources being accessed and
Related Questions
- What happens if I want to get support from SAP Active Global Support for a JAVA based SAP solution without having Solution Manager Diagnostics installed?
- How does Access Manager support dynamic access control, that is, render complex decisions based on real-time data or application knowledge?
- Is it flexible enough to handle complex authorization decisions based on dynamic information, current data, and past behavior?