DocumentationExperience PlatformAccess Control Guide

Attribute-based access control API guide

Last update: Thu Dec 08 2022 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Developer
  • User
  • Admin
  • Leader

Attribute-based access control is a capability of Adobe Experience Platform that enables administrators to control access to specific objects and/or capabilities based on attributes. Attributes can be metadata added to an object, such as a label added to a schema field or segment. An administrator defines access policies that include attributes to manage user access permissions.

The attribute-based access control API is used to access roles, products, permission categories, and permission sets within Adobe Experience Platform, providing a user interface and RESTful API from which all available library resources are accessible.

IMPORTANT
Attribute-based access control is not to be confused with Experience Platform’s data governance capabilities, which allow you to use labels and policies to control how data is used in Platform rather than which users in your organization have access to it. See the Policy Service API guide for steps on how to programmatically leverage these capabilities.

These endpoints are outlined below. Please visit the individual endpoint guides for details and refer to the getting started guide for important information on required headers, reading sample API calls, and more.

Roles

Roles define the access that an administrator, a specialist, or an end-user has to resources in your organization. In a role-based access control environment, user access provisioning is group through common responsibilities and needs. A role has a given set of permissions and members of your organization can be assigned to one or more roles, depending on the scope of view or write access they need. See the roles endpoint guide for more information on working with roles in the API.

Policies

Policies are statements that bring attributes together to establish permissible and impermissible actions. Policies can either be local or global, and can override other policies. The /policies endpoint allows you to programmatically manage policies in your organization. See the policies endpoint guide for more information on working with policies in the API.

Products

The /products endpoint in the attribute-based access control API allows you to programmatically manage products as well as permission categories and permission sets associated with products in your organization. See the products endpoint guide for more information on working with products and their corresponding permission categories and permission sets in the API.

Next steps

To begin making calls using the attribute-based access control API, read the getting started guide then select one of the endpoint guides to learn how to use specific endpoints.

recommendation-more-help
631fcab2-5cb1-46ef-ba66-fe098ac723e0