Skip to main content

Configuring Field Types for App Rights

Field Types enable fine-grained access control by allowing policies to evaluate attributes when users request application rights. By associating Field Types with app rights, you can enforce context-specific access control based on structured data categories such as region, department, or product type.

Field Types in Access Control

Field Types implement attribute-based access control (ABAC) within EmpowerID's PBAC model. When configured for app rights, they allow users to specify context during access requests, enabling policies to make dynamic authorization decisions. For more information, see Understanding Field Types in EmpowerID PBAC.

This article demonstrates how to configure Field Types for app rights in PBAC-enabled applications.

Prerequisites

Before configuring Field Types for app rights, ensure you have:

  • Access to Resource Admin with the Application RBAC Owner Management Role (or higher)
  • An existing PBAC application with app rights already created
  • Field Types already defined for the application (either application-specific or shared)

Procedure

  1. Sign in to Resource Admin with at least the Application RBAC Owner Management Role.

  2. Select Applications from the Resource Type menu, search for the target PBAC application, and click the Details button.
    Locating PBAC application
    The application Overview page opens.
    Application overview

  3. In the application menu, navigate to PBAC Definitions > App Rights.

  4. Locate the app right you want to configure, click the gear icon next to it, and select Configure Field Types for Right.
    Configuring field types

    The Configure Application Authorization Field Type workflow opens.

  5. Search for and select the desired PBAC Field Type, then click Next.
    Selecting field type

  6. Configure the field type settings:

    FieldDescription
    Selection is RequiredForces users to select a value for this field type when requesting the app right.
    Allow selection of any values defined for field typeEnables users to choose from all available field type values.
    Field Type ScopeSet to Resource for resource-based field types.
    User Interface Selection OptionDetermines the UI control shown to users (e.g., MultiSelectCheckBoxList for multiple selections). For details on selection rules, see Understanding Field Type Selection Rules.

  7. Click Next to finalize the configuration.
    Field type configuration

  8. Click Submit to apply the changes.

Verify the Results

To confirm the field type was configured successfully:

  1. Return to PBAC Definitions > App Rights in the application menu.
  2. Click the Details button for the configured app right.
    App right details
    The app right details page opens.
    App right overview
  3. Navigate to the Field Types tab to view all configured field types for the app right.
    Field types list
Security Note

Only users with the Application RBAC Owner Management Role can configure field types for app rights. All configuration changes are logged for audit purposes. Field type configurations directly impact access control policies—ensure they align with your organization's least privilege principles.

Next Steps

After configuring field types for app rights:

  • Test the app right in the IAM Shop to verify field types display correctly during access requests