Manually managing access with policies or roles

In this setup, application access and authorization roles are fully governed by you (the provider). The provider creates and manages access policies and/or roles, and is solely responsible for assigning them to customer organizations or to specific users within those organizations.

Policy assignment model

Manual assignment by provider: Providers define the access policies (which determine what applications or features can be accessed) and roles (which define the user's level of access or responsibility). These are manually assigned to:
- Entire customer organizations, or
- Individual users within customer organizations.
No customer control: Once a policy or role is assigned, customer organizations - including their administrators - cannot edit, reassign, or remove them. This guarantees complete control by the provider over both who gets access and what level of access they receive.
Granular targeting: Providers can tailor access with precision by combining roles and policies, applying them based on internal rules, eligibility, or operational need - without requiring customer intervention.
No legal terms or pricing: These assignments do not depend on pricing tiers or formal contracts. The access model can be used for free, internal, experimental, or restricted-use cases where access is selectively granted.

Key Characteristics

Feature

Description

Control

Provider-managed only (for both policies and roles)

Creation & assignment

Defined and assigned solely by the provider

Assignment acope

Organization-level or user-level

Customer visibility

Customers can view assigned policies/roles, but cannot modify them

No legal binding needed

Access and role assignment do not require pricing or legal agreements

Use case fit

Ideal for scenarios requiring strict provider control over access and authorization levels

Example Scenarios

A workflow automation platform grants backend access roles to enterprise IT teams in selected companies - without needing any customer-side configuration.
A beta feature is made available to specific users via a manually assigned role and access policy, managed entirely by the provider.
A regulated healthcare integration assigns read-only roles and application access based on internal compliance vetting, not customer input.

How to set this up

The following steps apply the same for roles or policies.

Refer to creating Policies to configure a policy that grants access to (parts of) your application(s).
Navigate to the Accounts.
Select the account you want to give access to (in case the customer account is not available, see Customer Accounts).
Determine if you want the entire organization to have access, or only specific users
1. Entire organization:
  1. Go to Policies > Assigned Policies
  2. Click ‘Assign Policy’ > To organization
  3. Select the account and policy that gives the required access
  4. Confirm the choice and close the dialog by clicking Assign Policy.
  5. This can also be done by going to Accounts > Selecting the account > Expand the Policies section and clicking to 'Assign Policy'.
2. Specific users:
  1. Go to Policies > Assigned Policies
  2. Click ‘Assign Policy’ > To users
  3. Select the user/s and policy that gives the required access
  4. Confirm the choice and close the dialog by clicking Assign Policy.
  5. This can also be done by going to Users > Selecting the user > Access > 'Assign Policy'
Your customer (or user of customer) can now login to your application.

An overview of all Policies assigned to customers (both accounts and users) can be found from the Policies or Role section, depending on the type of policy assigned. Policies can also be removed from these overviews, or from the Policies tab on the Account detail page, or Account - User detail page.

PreviousSelling perpetual one-off licenses to organizations NextOpen access for Veriam account holders

Last updated 20 hours ago

Was this helpful?