Identity-Based Access Policies

With identity-based access policies, you can:

  • Define access for specific agents using their WebIDs; e.g., WebIDagentX and WebIDagentY have Read access to a Pod resource.

  • Define access for all agents using a Public agent identifier http://www.w3.org/ns/solid/acp#PublicAgent.

  • Define access for all authenticated (or all unauthenticated) agents using an Authenticated agent identifier.

Additionally, you can include client identifiers in the agents’ access policy definitions. This feature allows you to decide not only who has access to your data but also which applications the agent can use to access your data. To include the client identifier in the agents’ access policy definition:

  • Use the clients’ identifiers to include specific clients in the agents’ access definition.

  • Use the Public client identifier http://www.w3.org/ns/solid/acp#PublicClient to include all clients in the agents’ access definition.
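The following added example (not ESS code and not from the original page) is a simplified Python model of how an agent identifier and a client identifier combine in one access definition: a request is matched only when both the agent and the client it uses are matched. The WebIDs, client identifiers, policy layout and function names are hypothetical, the `AuthenticatedAgent` IRI is taken from the ACP vocabulary, and only "allow" policies are modelled.

```python
# Simplified model of agent + client matching (illustrative, not ESS code).
ACP = "http://www.w3.org/ns/solid/acp#"
PUBLIC_AGENT = ACP + "PublicAgent"
AUTHENTICATED_AGENT = ACP + "AuthenticatedAgent"
PUBLIC_CLIENT = ACP + "PublicClient"

def _agent_ok(allowed, webid):
    # webid is None for an unauthenticated request.
    if PUBLIC_AGENT in allowed:
        return True
    return webid is not None and (AUTHENTICATED_AGENT in allowed or webid in allowed)

def _client_ok(allowed, client_id):
    # The Public client identifier includes every client.
    return PUBLIC_CLIENT in allowed or client_id in allowed

def matcher_satisfied(matcher, webid, client_id):
    # Every attribute present must match (agent AND client); empty never matches.
    if not matcher:
        return False
    if "agent" in matcher and not _agent_ok(matcher["agent"], webid):
        return False
    if "client" in matcher and not _client_ok(matcher["client"], client_id):
        return False
    return True

def allowed_modes(policies, webid, client_id):
    """Union of modes from every policy with at least one satisfied matcher."""
    granted = set()
    for policy in policies:
        if any(matcher_satisfied(m, webid, client_id) for m in policy["matchers"]):
            granted |= policy["allow"]
    return granted

# Constructed sample data: all WebIDs and client identifiers are hypothetical.
AGENT_X = "https://id.example/agentX#me"
AGENT_Y = "https://id.example/agentY#me"
NOTES_APP = "https://notes.example/clientid"
POLICIES = [
    {"allow": {"Read", "Write"},   # agent X, but only through the notes app
     "matchers": [{"agent": {AGENT_X}, "client": {NOTES_APP}}]},
    {"allow": {"Read"},            # any authenticated agent, any client
     "matchers": [{"agent": {AUTHENTICATED_AGENT}, "client": {PUBLIC_CLIENT}}]},
]

if __name__ == "__main__":
    for who, app in [(AGENT_X, NOTES_APP), (AGENT_X, "https://other.example/app"), (None, NOTES_APP)]:
        print(who, app, sorted(allowed_modes(POLICIES, who, app)))
```

Agent X gets Write only through the listed client; through any other application the same agent falls back to the Read access granted to all authenticated agents.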

ACP

ESS uses Access Control Policy (ACP) to define the policies that determine access to a Pod’s resources.

For details, see Access Control Policy (ACP).

Identity-Based Access Services

To support identity-based access, ESS provides the following services: