
What are Resources and Resource Types?

Understanding Resources

Resources in EmpowerID represent the objects that the platform manages and protects. These objects span a wide range of entities—user accounts, groups, mailboxes, pages, workflows, roles, and even custom application objects. Whether a resource exists in Active Directory, Microsoft Exchange, SharePoint, an HR system, or within EmpowerID itself, the platform treats it as a manageable, securable entity.

Resources are the lowest-level secured base objects in EmpowerID on which management tasks can be performed. Every object of any type that EmpowerID manages securely has a resource entry in the EmpowerID Identity Warehouse. This unified approach allows EmpowerID to apply consistent access control, audit trails, and governance across diverse IT systems and object types, regardless of where those objects physically reside.

The power of this model lies in its consistency. A user account in Active Directory, a mailbox in Exchange, and a page in EmpowerID's interface are all treated as resources with the same fundamental security and management principles applied to each. This consistency simplifies administration and ensures that access control policies work the same way regardless of which system's objects you're managing.

Resource Systems

EmpowerID inventories, manages, and protects resources in what are called resource systems. Resource systems define the specific system within which a resource resides and can include Active Directory domains, LDAP directories, HR systems, Microsoft Exchange Organizations, SharePoint Farms, custom applications, and even the EmpowerID system itself.

Resource systems are the external IT systems that EmpowerID connects to and integrates with. Each resource system has its own record in the resource_systems table, complete with a unique identifier. The type of resource system is linked to the definition of the connector used for inventorying data from that external system.

When EmpowerID connects to a resource system through a connector, it inventories the resources within that system and creates corresponding entries in the resource table. This inventory process maintains the relationship between each resource and its source system, enabling EmpowerID to understand where each resource exists and how to interact with it. As resources change in the external system—created, modified, or deleted—EmpowerID's inventory processes keep the resource table synchronized with the current state of each connected system.

Interestingly, EmpowerID itself is considered a resource system, containing its own set of protected resources such as workflows, pages, roles, and APIs. This self-referential design allows EmpowerID to apply the same security and management principles to its own components that it applies to external systems, ensuring consistent governance across all managed objects.

How Resources Are Stored

At the core of EmpowerID's functionality lies the concept of protected resources tracked in a central resource table. This table serves as a registry for all managed items, containing essential information about each resource, including its type, the resource system it belongs to, and basic identifying details.

However, the resource table is just the starting point. To provide a more comprehensive representation of each resource, EmpowerID employs a system of component tables. These tables, such as the account table, group table, or management role table, contain more detailed, type-specific information about each resource. For example, an account will have a basic record in the resource table, but its full set of attributes and specific account-related information will be stored in the account table.

This architecture allows EmpowerID to manage resources consistently while also accommodating the unique attributes and behaviors of different resource types. The resource table provides the common foundation for security and management operations, while component tables provide the specialized data needed for each type of resource. This separation enables efficient queries and operations while maintaining the rich detail necessary for managing diverse object types.

Resource Types and Classification

EmpowerID catalogs each resource by resource type, which defines the nature and characteristics of the resource. Resource types exist for all secured EmpowerID objects such as people, pages, workflows, and APIs, as well as for objects in external systems such as Exchange Mailboxes or SharePoint web sites.

Resource Classification

EmpowerID catalogs each of these resource objects by resource type so that they can support different properties, management operations, rights, and Access Level Definitions. Classifying resources by resource type provides a consistent interface for ease of resource management.

EmpowerID supports a wide variety of resource types, ranging from Person and Account objects to more specialized types like Azure Application objects or SharePoint Online groups. This versatility allows EmpowerID to provide comprehensive management across a wide array of IT systems and object types.

Each resource type can support different properties relevant to that type of resource. A Person resource type has properties like name, email, and organizational relationships. An Exchange Mailbox resource type has properties like mailbox size, quotas, and mail forwarding settings. A Management Role resource type has properties like role hierarchy and access level assignments. By organizing resources into types, EmpowerID can present appropriate management interfaces and apply relevant operations for each kind of resource.

Resource types also determine what operations and rights can be applied to resources of that type. Not all operations make sense for all resource types—you can add an account to a group, but you cannot add a page to a group. The resource type defines which operations are applicable, ensuring that users are only presented with actions that are meaningful for the resource they're working with. This constraint prevents errors and ensures that the system's behavior remains predictable and appropriate for each type of resource.
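The storage model and the type-gated operations described above can be sketched with an in-memory SQLite database. This is an added example, not EmpowerID's own code or schema: apart from the `resource_systems` table name, every table, column, and operation name (`AddToGroup`, `View`) and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Illustrative schema only; names other than resource_systems are assumptions.
SCHEMA = """
CREATE TABLE resource_systems (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE resource_type (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE resource (
    id INTEGER PRIMARY KEY, name TEXT,
    resource_type_id INTEGER NOT NULL REFERENCES resource_type(id),
    resource_system_id INTEGER NOT NULL REFERENCES resource_systems(id));
-- Component table: type-specific attributes keyed by the shared resource id.
CREATE TABLE account (
    resource_id INTEGER PRIMARY KEY REFERENCES resource(id), logon_name TEXT);
-- Operations that are meaningful for each resource type.
CREATE TABLE resource_type_operation (
    resource_type_id INTEGER REFERENCES resource_type(id), operation TEXT,
    PRIMARY KEY (resource_type_id, operation));
"""

def build_db():
    """Create the model and load constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO resource_systems VALUES (?, ?)",
                   [(1, "Active Directory"), (2, "EmpowerID")])
    db.executemany("INSERT INTO resource_type VALUES (?, ?)",
                   [(1, "Account"), (2, "Page")])
    db.executemany("INSERT INTO resource VALUES (?, ?, ?, ?)",
                   [(10, "jdoe", 1, 1), (11, "Sample page", 2, 2)])
    db.execute("INSERT INTO account VALUES (10, 'jdoe@corp.example')")
    db.executemany("INSERT INTO resource_type_operation VALUES (?, ?)",
                   [(1, "AddToGroup"), (2, "View")])
    return db

def operation_allowed(db, resource_id, operation):
    """True only if the operation is defined for the resource's type."""
    row = db.execute(
        """SELECT 1 FROM resource r
           JOIN resource_type_operation o
             ON o.resource_type_id = r.resource_type_id
           WHERE r.id = ? AND o.operation = ?""",
        (resource_id, operation)).fetchone()
    return row is not None

def account_detail(db, resource_id):
    """Join the common resource row with its account component row."""
    return db.execute(
        """SELECT r.name, s.name, a.logon_name FROM resource r
           JOIN resource_systems s ON s.id = r.resource_system_id
           JOIN account a ON a.resource_id = r.id WHERE r.id = ?""",
        (resource_id,)).fetchone()
```

In this model a page has a row in the common `resource` table but none in `account`, so `account_detail` returns nothing for it, and `AddToGroup` is refused for it because its type does not define that operation.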

Summary

Resources are the fundamental objects that EmpowerID manages and protects, representing everything from user accounts and groups to pages and workflows. These resources exist within resource systems—the external IT systems that EmpowerID connects to, as well as EmpowerID itself. EmpowerID tracks all resources in a central resource table, with type-specific details stored in component tables that accommodate the unique attributes of different resource types.

Resources are classified into resource types, which determine their properties, applicable operations, and management behaviors. EmpowerID supports a wide variety of resource types, from standard objects like users and groups to specialized types like Azure applications and SharePoint sites. This classification system allows EmpowerID to provide a consistent management interface while accommodating the unique characteristics and requirements of different types of resources. By understanding how resources, resource systems, and resource types work together, you can better understand how EmpowerID organizes and secures the objects it manages.
