The IAM API provides operations on three types of resources:
A realm provides the information necessary to authenticate against a certain OIDC provider.
A permission is the basic unit for limiting applications’ access to sensitive information.
Three parameters are important when restricting applications’ access to data:
- permission: the value used to limit a client's (user, group) access to resources.
- identity: a client identity reference, e.g. a certain user, a group, an anonymous user or someone who is authenticated to a certain realm.
- path: the location where the restrictions apply.
An ACL defines the set of permissions that certain identities have on a concrete path.
The identities endpoint can be used to fetch user identities.
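The sketch below is an added example, not code from the IAM API: it models an ACL as a mapping from path to identity to permissions and evaluates a caller's access with default deny. The permission names, paths, realm and user names are constructed, and three behaviours are assumptions of this example: the `Identity` field layout, that every caller also holds the anonymous identity, and the optional inheritance from parent paths.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    kind: str        # "Anonymous", "Authenticated", "User" or "Group"
    realm: str = ""  # realm the identity was authenticated against
    name: str = ""   # user or group name; empty for the other kinds

ANONYMOUS = Identity("Anonymous")

# Constructed sample data: path -> {identity: permissions}.
ACLS = {
    "/": {ANONYMOUS: {"projects/read"}},
    "/org1": {Identity("Authenticated", "realm1"): {"resources/read"}},
    "/org1/proj1": {
        Identity("Group", "realm1", "curators"): {"resources/write"},
        Identity("User", "realm1", "alice"): {"acls/write"},
    },
}

def caller_identities(realm=None, user=None, groups=()):
    """Every identity a caller holds; an unauthenticated caller is only Anonymous."""
    ids = {ANONYMOUS}  # assumption: authenticated callers keep the anonymous identity
    if realm and user:
        ids |= {Identity("Authenticated", realm), Identity("User", realm, user)}
        ids |= {Identity("Group", realm, g) for g in groups}
    return ids

def ancestors(path):
    """'/org1/proj1/' -> ['/', '/org1', '/org1/proj1'] (also normalises the path)."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def effective_permissions(acls, identities, path, inherit=False):
    """Union of permissions granted to any of the caller's identities.

    inherit=False checks the concrete path only; inherit=True also collects
    grants from parent paths, which is an assumption of this example.
    """
    paths = ancestors(path) if inherit else ancestors(path)[-1:]
    granted = set()
    for p in paths:
        for identity, perms in acls.get(p, {}).items():
            if identity in identities:
                granted |= perms
    return granted

def is_allowed(acls, identities, path, permission, inherit=False):
    """Default deny: True only if some matching ACL entry grants the permission."""
    return permission in effective_permissions(acls, identities, path, inherit)
```

Comparing the result with `inherit=False` and `inherit=True` for the same caller shows how much access comes from grants on parent paths rather than on the path itself, which is the first thing to check when auditing a broad grant to the anonymous identity.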