Skip to main content

Best Practices to add app level permissions

There are some best practices that you should consider while adding entitlements to your application. In this document, we would elaborate on those best practices and guidelines for the same.

Guidelines for Constructing Entitlements for your application

If your application is a disconnected application (or your application doesn’t have a connector yet), then in that case, you need to add the entitlements for that application manually while onboarding the application.

  • To ensure that your app-level permissions cover 95–97% of your use cases, try to keep a bunch of these permissions you will likely require. There will always be exceptions. Therefore, you should primarily bear this in mind while creating or modifying entitlements in IDHub.
  • Every target system or application would have a different type of entitlement construction. That mostly depends on two major factors. The first factor is the application itself like what app level permissions are already there and the specific use-cases of your organization.

Some Use-Case Scenarios for better understanding

Use-Case Scenario #1 :

A Project management application like Wrike. In your organisation, you might be using Wrike to manage all your projects. Wrike might provide access to the users of the application based on project roles. Then all those project roles can be added as entitlements in IDHub.

Use-Case Scenario #2:

If you are using Jira to manage your projects. In this case, you need to add each project as app-level permission or entitlement in IDHub. Every Jira project it has some roles, so those roles will be regarded as entitlement attributes. The entitlement attribute would have the project role type. Users can request the entitlement based on the values of the Entitlement attribute (i.e. project role type).

Use-Case Scenario #3:

Custom Roles in Jira

In Jira, you might have created custom roles for managing your specific organization's needs. In this case, you can add the entitlements for Jira in IDHub based on those custom roles.

Use-Case Scenario #4:

Granular Permissions in Jira

You might have created certain granular permissions for a Jira project for a certain user. Those permissions can be for instance: create issue, edit issue, write issue, re-assign issues etc. IDHub would allow you to add these granular permissions as entitlements in IDHub.