The AppGate system uses a hierarchical approach to system configuration and administration. Users are at the top level of the hierarchy. Each user is associated with one or more roles. The roles contain services and/or folders (which in turn can contain services and folders). The services contain components which grant access to resources. So from top to bottom,
Users belong to roles. Note that users can only be associated with roles.
Roles are made up of folders and services. A user session must always be associated with one or more roles. The user must choose which roles to use when connecting. If the user wants to access multiple roles in one session then all of those roles must have the "Combinable" flag set. Access rules may limit the set of roles available to the user and which services/folders are included in the roles.
Folders are purely structural elements which may contain other folders and/or services. Folders may be visible in the clients, so that users can have a tree view of their services. They can also be invisible if so desired. Access rules may limit the set of included folders and services.
Services are the elements the user will see and may activate in the client. They are made up of components.
Components are the final building blocks. Each component grants access to one specific resource.
