Identity & Access Management (IAM)
Manage who has access to which resources in Zitcha by assigning users roles within teams.
Zitcha’s Identity and Access Management (IAM) system controls who can access what within the platform. It gives you fine-grained control over permissions and helps you follow the security principle of least privilege—no one should have more permissions than they need.
How IAM works
With IAM, you define who (user) has what access (role) to which resource (team).
- Resources include plans, ad sets, orders, ads, and the associated metrics or wallets.
- Permissions are bundled into roles. Roles are then assigned to authenticated users.
- Policies are enforced at the resource level. When a user tries to take an action, IAM checks the policy attached to that resource to decide whether it’s allowed.
A user can belong to one or multiple organisations, but their role and team configuration is always unique per organisation.
Key Concepts
IAM is built around three main parts:
User
- A registered account for an individual.
- Identified by an email address and unique ID.
Role
- A collection of permissions.
- Defines what operations are allowed on a resource.
- Granting a role to a user gives them all the permissions included in that role.
Team
- A scope of resources a user can access.
- Teams define which resources are available.
- A user must hold a role within each team they belong to.
Example
If you have a Retailer Team and a Marketing Team:
- A user in the Retailer Team might have a Manager role, which allows them to create and approve orders.
- The same user in the Marketing Team might have a Viewer role, which only allows them to view reports.
This flexible model makes sure users have the right access in the right places: no more, no less.
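The user, role and team model above can be expressed as a deny-by-default check. This is an added example, not Zitcha's code or API: the permission strings, class and function names, organisation IDs and the sample user are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical permission names. The page only states that a Manager can create
# and approve orders and that a Viewer can view reports.
ROLE_PERMISSIONS = {
    "Manager": {"order.create", "order.approve"},
    "Viewer": {"report.view"},
}

@dataclass(frozen=True)
class Resource:
    resource_id: str
    kind: str          # e.g. "order" or "report"
    organisation: str
    team: str          # the team that scopes this resource

@dataclass
class User:
    user_id: str
    email: str
    # (organisation, team) -> role: role and team configuration is per organisation
    memberships: dict = field(default_factory=dict)

def is_allowed(user, action, resource):
    """Allow only if the user's role in the resource's own team grants the action."""
    role = user.memberships.get((resource.organisation, resource.team))
    if role is None:
        return False  # no role in the team that scopes this resource
    return action in ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing

def effective_access(user, organisation):
    """Access-review helper: team -> permissions the user holds in one organisation."""
    return {team: sorted(ROLE_PERMISSIONS.get(role, set()))
            for (org, team), role in user.memberships.items() if org == organisation}

# Constructed sample data mirroring the Retailer Team / Marketing Team example.
alice = User("u-001", "alice@example.com", {
    ("org-a", "Retailer Team"): "Manager",
    ("org-a", "Marketing Team"): "Viewer",
})
retail_order = Resource("ord-1", "order", "org-a", "Retailer Team")
marketing_order = Resource("ord-2", "order", "org-a", "Marketing Team")
marketing_report = Resource("rep-1", "report", "org-a", "Marketing Team")
other_org_order = Resource("ord-3", "order", "org-b", "Retailer Team")

if __name__ == "__main__":
    for res in (retail_order, marketing_order, marketing_report, other_org_order):
        print(res.resource_id, is_allowed(alice, "order.approve", res))
    print(effective_access(alice, "org-a"))
```

The `effective_access` output is the view to check during an access review: a role that appears in a team where the user no longer works is a least-privilege violation.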
Updated 2 months ago