Policy-Based Access Control (PBAC) Training Course Outline

This training course provides a comprehensive overview of PBAC concepts and their practical application using EmpowerID. It is designed to be completed over 1-2 days, with detailed content, conceptual explanations, and hands-on labs.


Day 1: PBAC Fundamentals

Introduction to PBAC

  • Definition and Comparison: Define Policy-Based Access Control (PBAC) and contrast it with traditional Role-Based Access Control (RBAC). Discuss how PBAC uses dynamic policies and attributes for access control, whereas RBAC relies on static roles. [1-3]
  • Benefits of PBAC: Explain the advantages, such as fine-grained access control, improved risk management, and centralized policy administration. [2-6]
  • Real-World Use Cases: Explore scenarios where PBAC enhances security and operational efficiency. [1, 7]

Key PBAC Components

  • Policies: Rules that define access based on user, resource, and environmental attributes. [2]
  • Attributes: Properties used in policies, like a user's department, a resource's classification, or the time of day. [1, 2, 7]
  • Policy Decision Point (PDP): The component that evaluates policies and makes access decisions. [2, 6]
  • Policy Enforcement Point (PEP): The component that enforces the decisions made by the PDP. [2]

EmpowerID's PBAC Implementation

  • Data Model Overview: Understand how EmpowerID supports PBAC across various systems. [2, 4, 5]
  • Local Rights and Local Roles: Discuss the concept and use of these elements within EmpowerID. [4, 8]
  • Central Policy Administration: Explore EmpowerID's role in policy administration and auditing. [6]

Lab 1: Setting Up a Basic PBAC Policy in EmpowerID

  1. Create a Test Application: Define basic rights for your application. [9, 10]
  2. Resource Type Association: Define a resource type and link it with rights. [9]
  3. Policy Creation: Set up a simple policy to grant access based on user attributes.

Day 2: Advanced PBAC Concepts and Best Practices

Resource Scoping with Field Types

  • Field Types Introduction: Learn how to use Field Types for fine-grained control in EmpowerID. [7, 8, 11, 12]
  • Defining and Associating Field Types: Understand how to define Field Types and link them with rights. [11-13]
  • Configuring Access Assignments: Configure access based on Field Type values. [12]
  • Person Relative Field Types: Explore the use of dynamic field types based on user attributes. [7, 14]

Approval Workflows

  • PBAC Approval Process: Understand how approvals work in EmpowerID. [15-17]
  • Defining Approval Rights: Set up approval rights and configure routing for approvals. [15-19]
  • Split Approvals: Implement workflows that split approvals based on field type values. [20-23]

Projection and Fulfillment

  • Concept of Projection: Learn how to extend PBAC policies to non-PBAC systems, like Azure. [24, 25]
  • Fulfillment Groups: Discuss how Fulfillment Groups bridge EmpowerID and external systems. [6, 25]
  • Azure Configuration: Set up projection and fulfillment for Azure applications. [24, 25]

Risk Management and Recertification

  • Risk Management: Discover how EmpowerID’s PBAC implementation aids in identifying and mitigating risks. [4, 5]
  • Recertification Importance: Understand the importance of recertifying PBAC policies regularly. [6, 26]
  • EmpowerID's Recertification Features: Explore capabilities and any limitations of the EmpowerID platform. [6, 26]

Lab 2: Implementing Advanced PBAC Policies

  1. Define Field Types: Use Field Types for precise resource scoping.
  2. Approval Workflows: Configure workflows with split approvals for fine-grained control.
  3. Azure Projection: Set up projection and fulfillment for Azure apps to extend PBAC policies.

Lab 3: Risk Assessment and Recertification Exercise

  1. Risk Analysis: Review existing access assignments and identify potential risks.
  2. Mock Recertification: Perform a recertification exercise to review and validate user access.

Detailed Content and Labs

The course content includes:

  • Conceptual Explanations: Diagrams and examples to clarify PBAC concepts.
  • Step-by-Step Configuration: Detailed instructions for setting up EmpowerID.
  • Hands-On Labs: Practical exercises with realistic scenarios to reinforce learning.

Note: Lab environments are pre-configured with EmpowerID and necessary resources. Lab guides include clear instructions and expected outcomes.

Additional Information

This course outline is based on the provided information and may require consultation with EmpowerID documentation or experts for software-specific details, lab setup, and recertification policy creation.