Authorization is the act of determining that a person is entitled to access a resource in question. After an end user is authenticated, a system can then make an informed decision as to whether that end user should be allowed to access the resource they are requesting.
Current Authorization Services
- Apollo is a centralized, mainframe-based authorization and group membership repository. It allows developers to set up group membership and authorization schema for their applications.
- DPUSER is a mainframe application containing metadata that support a wide range of university applications and processes, including information about users, departments, applications, files, and application authorizations.
- The OHS Contacts System is a tool used by central offices to identify individuals in campus departments that are responsible for specific business and technical roles.
- For web applications that are protected by UTLogin authentication, authorization settings can be configured using the UTLogin Realm Policy Manager.
- The Phase 1 of the Identity and Access Management Modernization Program implemented Group and Role Management functionality, including role-based access management within SailPoint IdentityIQ (IIQ).
- Group and Role Management functionality allows an organization to manage application authorizations more efficiently by treating a collection of users who need the same type of access as a unit. One or more authorizations can be associated with the role and users can be assigned to that role either by request or automatically based on an attribute on the user.
Future Authorization Services
- The Legacy Authorization Systems Roadmap (LASR) is an online resource to inform the UT Austin community about the future of authorization management focusing on the retirement of Apollo, DPUSER, and OHS Contacts.