By WalkingTree, June 04, 2021

User Access Management to guide through the modern web application

Providing users access to data and applications is a matter of delicate balance. Users need simplicity and your IT department needs security. User Access Management (UAM) or Identity Access Management solutions ensure the right people reach the right information, compliantly and safely.

Let’s dig in to learn how web applications handle access and privileges.

Types of users

A user's access level depends on the rights you assign to the user account, and those rights depend on the type of user. To understand how user access management works, it is important to know the different types of users and the rights assigned to them:

Anonymous/Unauthenticated users

If you are accessing a website without sharing information about yourself, you are categorized as an Anonymous/Unauthenticated user. You have permission to browse the basic outer layer of the web application (the least amount of privilege). However, if you want to engage further with the website and its resources, you need to be an authenticated user.

Authenticated Users

If you log in to the web application using your credentials and your identity is verified, you are granted access to more functionality and data on the website. You have more permissions than unauthenticated users.

Administrators

If you have full access and privileges in a web application, you are the administrator for that app. Additionally, you have the power to make changes to the web application and to access all data and functionality.

Authentication Process

Through this mechanism, the web application makes sure that you are the person you claim to be. The process involves verifying your identity before giving you roles/access rights. The types of authentication are:

Username and password-based

To authenticate as a user, you have to log in using your credentials (username and password) to prove your identity.

Username and OTP-based

To verify your identity, you have to log in using your username and an OTP code sent via phone or email.

Biometric-based

This process relies on verification through your unique biological characteristics: access is granted based on retina scans, fingerprint scanning, facial recognition, etc.

Session and Session ID

A session ID is a unique number that a server assigns you (as a user) for the duration of your visit (session). It can be stored as a cookie, form field, or URL. The backend server creates a session after authentication and provides you with a session ID. The session data stored on the server about the user can include:

  • Unique ID of the user
  • Role of the user
  • Starting time of the session
  • Ending time of the session
  • Payment information

Initially, as a user, you have to undergo the authentication process, and a session is created at the backend. A session ID corresponding to that session is issued to you. From then on, every time you make a request, the backend server retrieves the session ID and grants access accordingly.
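
The flow described above, as an added example that is not from the original post: a minimal in-memory session store in Python that issues a session ID after authentication, keeps the user ID, role, and start and end times on the server, and resolves the ID on every request. The names `SessionStore`, `SESSION_TTL` and `ROLE_RANK`, the 30-minute lifetime, and the use of a random token as the session ID are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 1800  # assumed 30-minute lifetime; the post gives no value
ROLE_RANK = {"anonymous": 0, "user": 1, "admin": 2}  # the post's three user types

class SessionStore:
    """In-memory server-side session table keyed by session ID."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so expiry can be exercised

    def create(self, user_id, role):
        """Call only after authentication succeeds; returns the new session ID."""
        sid = secrets.token_urlsafe(32)  # unpredictable ID from the OS CSPRNG
        start = self._now()
        self._sessions[sid] = {"user_id": user_id, "role": role,
                               "start": start, "end": start + SESSION_TTL}
        return sid

    def role_for(self, sid):
        """Resolve a presented session ID to a role; anything invalid is anonymous."""
        session = self._sessions.get(sid)
        if session is None:
            return "anonymous"
        if self._now() >= session["end"]:
            del self._sessions[sid]  # expired sessions are purged, not reused
            return "anonymous"
        return session["role"]

    def authorize(self, sid, required_role):
        """True when the session's role meets or exceeds the required role."""
        return ROLE_RANK[self.role_for(sid)] >= ROLE_RANK[required_role]

    def destroy(self, sid):
        """Logout: remove the server-side record so the ID stops working."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create(user_id=42, role="user")  # constructed sample user
    print(store.authorize(sid, "user"), store.authorize(sid, "admin"))
    print(store.authorize("guessed-id", "user"))
```

The role is read from the server-side record on each request, so the client only ever holds the opaque ID and cannot raise its own privileges by editing what it sends.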

To further understand how user access management is used to enhance privilege management in modern web applications, and how you can make it work yourself, read on.

With WalkingTree’s eUAM, you can create and manage users and groups, and assign permissions based on user attributes using our cloud-based solution. Know more.
