Security
There are several security concepts in Omada Identity that define the degree or level of security in your installation. This chapter discusses the main security concepts, including the Data Object Security Model (DOSM), authorization roles, and access modifiers. These are all features that you must understand when you plan security in your implementation.
In Omada Identity, the data security concepts include:
- Security settings: Apply to the folders and data objects in the data object tree structure. This is known as the Data Object Security Model (DOSM).
- Users and roles: Apply to users, user groups, authorization roles, and service desk agent roles. Control the access to the system's master data.
- Access modifiers: Logical units that can evaluate and modify access to data objects according to a ruleset.
Each implementation has its own unique requirements. You can use this section as a point of reference in the planning stage, the strategy stage, and the implementation stage.
Identity category and legacy CIAM security behavior
The Customer value in the Identity Category property introduces legacy security behavior originating from the deprecated CIAM functionality.
When an identity is assigned the Customer category, certain hard-coded security rules may be enforced. These rules can override or bypass configured security settings defined through the DOSM and access modifiers.
As CIAM functionality is deprecated, the use of the Customer category should be carefully evaluated. Implementations relying on the configurable security model should verify whether this category introduces behavior that differs from the expected DOSM and access modifier evaluation.