By WalkingTree June 04, 2021
Providing users access to data and applications is a matter of delicate balance. Users need simplicity and your IT department needs security. User Access Management (UAM) or Identity Access Management solutions ensure the right people reach the right information, compliantly and safely.
Let’s dig in to learn how web applications handle all these access and privileges.
Types of users
The user access level depends on which rights you assign to respective user accounts, and these permissions depend upon the type of users. To understand how user access management works, it is important for you to know the different types of users, and the rights assigned to them:
If you are accessing a website without sharing information about yourself, you are categorized as an anonymous/unauthenticated user. You have permission to surf through the basic outer layer of the web application (the least amount of privilege). However, if you want to further engage with the website and its resources, you need to be an authenticated user.
If you log in to the web application using your credentials and your identity is verified, you are granted access to more functionality and data on the website. You have more permissions than unauthenticated users.
If you have full access and privileges in a web application, you are the administrator for that app. You also have the power to make changes to the web application and to access all data and functionality.
Through authentication, the web application makes sure that you are the person you claim to be. The process involves verifying your identity before giving you roles/access rights. The types of authentication are based on:
Username and password-based
To authenticate as a user, you have to log in using your credentials (username and password) to prove your identity.
Username and OTP-based
To verify your identity, you have to log in using your username and an OTP code sent via phone or email.
Biometric authentication relies on verification through your unique biological characteristics, granting access based on your retina scans, fingerprint scanning, facial recognition, etc.
Session and Session ID
A session ID is a unique number that a server assigns you (as a user) for the duration of your visit (session). It can be stored as a cookie, form field, or URL. The backend server creates a session after authentication and provides you with a Session ID. The user data stored at the server for that session can include:
- Unique ID of the user
- Role of the user
- Starting time of the session
- Ending time of the session
- Payment information
First, as a user, you have to undergo the authentication process, and a session is created at the backend. A session ID corresponding to that session is issued to you. From then on, every time you make a request, the backend server retrieves the session ID and allocates access.
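The session flow described above, sketched as an added example (not WalkingTree's or eUAM's code): a server-side store that issues an ID after authentication, keeps the user ID, role, start and end time, and checks every request against that record. The `SessionStore` class, the role names, the 15-minute lifetime and the use of a random token as the ID are assumptions made for illustration.

```python
import secrets
import time

# Role ranks mirror the article's three user types (names are assumptions).
ROLE_RANK = {"anonymous": 0, "user": 1, "admin": 2}


class SessionStore:
    """In-memory server-side session table keyed by an unguessable session ID."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._sessions = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested

    def create(self, user_id, role):
        """Call only after authentication succeeds; returns the new session ID."""
        if role not in ROLE_RANK:
            raise ValueError("unknown role")
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[sid] = {"user_id": user_id, "role": role,
                               "start": now, "end": now + self._ttl}
        return sid

    def lookup(self, sid):
        """Return the session record, or None if unknown or past its end time."""
        record = self._sessions.get(sid or "")
        if record is None:
            return None
        if self._clock() >= record["end"]:
            del self._sessions[sid]  # expired: drop so the ID cannot be reused
            return None
        return record

    def destroy(self, sid):
        """Logout: invalidate the session on the server, not just in the browser."""
        self._sessions.pop(sid, None)

    def authorize(self, sid, required_role):
        """Per-request check: role comes from the server record, never the client."""
        record = self.lookup(sid)
        role = record["role"] if record else "anonymous"
        return ROLE_RANK[role] >= ROLE_RANK[required_role]
```

A missing, unknown or expired ID falls back to the anonymous role, so a request never gains more than the least privilege by presenting a bad session ID.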
To further understand how user access management is used to enhance privilege management in modern web applications, and how you can make it work yourself, read on.
With WalkingTree’s eUAM, you can create and manage users and groups, and assign permissions based on user attributes using our cloud-based solution.