Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS Authentication, Identity Management, and Authorization > Authentication provider behavior between RBAC and ZRBAC
Before OneFS 8.2.0, authentication providers were created in System access zones and accessible by any access zones in a cluster. Each non-System access zone contains only its own local provider and uses other providers in the System access zone, as shown in the following figure. A local provider is created implicitly in each access zone.
Figure 34. Authentication provider behavior in RBAC
Starting with ZRBAC in OneFS 8.2.0, when an authentication provider is created from an access zone, it is implicitly associated with the access zone. As shown in Figure 35, an authentication provider has following behavior based on that association.
Note: The name of an authentication provider must be unique globally. For example, you cannot create an LDAP provider named “ldap01” in two different access zones.
Figure 35. Authentication provider behavior in ZRBAC