LUSID’s role-based access management system (RBAC) is designed to give you precise control over who can do what in your LUSID domain. It consists of two separate but interrelated systems:
The identity management system controls how users authenticate (that is, sign in) to LUSID
The access control system controls which LUSID datasets and features users are permitted to access once authenticated.
The best place to start is with our white paper explaining how these systems work together.
Note: You can transition LUSID to a user-based access management system (UBAC) if you do not need to model professional responsibilities as roles. More information.
Your ability to administer these systems is subject to access control permissions itself, but assuming you have sufficient privileges you can use the Identity and Access menu in the LUSID web app:
Alternatively, you can interact with these systems programmatically using a variety of API and SDK resources.
Explanation: Understand the big picture
Understanding how LUSID’s identity management and access control systems work
RBAC vs UBAC: Setting up user-based access control for LUSID
Tutorials: Get started by doing something tangible
Reference: Understand concepts and implications
How-to guides: Get something done
How do I change passwords or MFA settings, or revoke access?
How do I obtain and use a short-lived API access token from Okta?
How do I create or revoke a long-lived personal access token?
How do I create a data policy to control access to properties?
How do I specify an expiry date or a rolling validity date for a policy?
How do I assign policies, roles and users to each other using the API?
How do I grant secure access to my LUSID domain for support?