Type Guide
This is the current version.

Quick intro

The PCA™ Identity and Access Manager supports two patterns when it applies access control.

User-based authorisation. In this model ClientSystems invoke PCA™ API operations from within authenticated PCA™ user sessions. Access tokens are granted via the OAuth 2.0 authorization code grant type. The PCA™ Identity and Access Manager sets the scope of the access tokens that it issues according to the Authorisations of the PCAUser who is currently logged into the ClientSystem. ClientSystems that support user-based authorisation may be operated by the PCA™ Operator (e.g. the PCA™ Portal), a participating organisation, or another organisation.

System-based authorisation. In this model ClientSystems invoke PCA™ API operations independently of any user sessions, i.e. via "back-end" integration. Access tokens are granted via the OAuth 2.0 client credentials grant type. The PCA™ Identity and Access Manager sets the scope of the access tokens that it issues according to the Authorisations of the ClientSystem.

A single ClientSystem may be capable of using user-based authorisation or system-based authorisation, i.e. a ClientSystem may request access tokens using either the OAuth 2.0 "authorization_code" grant type or the OAuth 2.0 "client_credentials" grant type.

It is worth noting that a ClientSystem instance must use either user-based authorisation or system-based authorisation.

Regardless of which mode of authorisation it uses, a software component that accesses the PCA™ API must be registered as a client of the PCA™ Identity and Access Manager. ClientSystem registration is described in section Client registration.
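The scope rule for the two patterns can be modelled as follows. This is an added example, not code from the PCA™ Identity and Access Manager. The client ids, user name and scope strings are constructed; intersecting the requested scope with the Authorisations and the mapping to RFC 6749 error codes are assumptions.

```python
from dataclasses import dataclass

# Constructed sample registrations; every id and scope string is hypothetical.
@dataclass(frozen=True)
class ClientSystem:
    client_id: str
    mode: str                                  # "user" or "system", one per instance
    authorisations: frozenset = frozenset()    # consulted only in system mode

REGISTERED = {
    "portal-ui": ClientSystem("portal-ui", "user"),
    "batch-sync": ClientSystem("batch-sync", "system", frozenset({"records:read"})),
}
USER_AUTHORISATIONS = {"alice": frozenset({"records:read", "records:write"})}
GRANT_FOR_MODE = {"user": "authorization_code", "system": "client_credentials"}

class TokenError(Exception):
    """Carries an OAuth 2.0 token endpoint error code (RFC 6749 section 5.2)."""

def issue_scope(client_id, grant_type, requested, user=None):
    """Return the scope set an access token would carry, or raise TokenError."""
    client = REGISTERED.get(client_id)
    if client is None:
        raise TokenError("invalid_client")          # component was never registered
    if grant_type not in GRANT_FOR_MODE.values():
        raise TokenError("unsupported_grant_type")
    if GRANT_FOR_MODE[client.mode] != grant_type:
        raise TokenError("unauthorized_client")     # instance is bound to the other mode
    if grant_type == "authorization_code":
        # User-based: scope follows the logged-in PCAUser, not the ClientSystem.
        if user not in USER_AUTHORISATIONS:
            raise TokenError("invalid_grant")
        allowed = USER_AUTHORISATIONS[user]
    else:
        # System-based: no user session, scope follows the ClientSystem itself.
        allowed = client.authorisations
    # Assumption: a token never carries more than was both requested and authorised.
    return frozenset(requested) & allowed
```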