Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 2

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. On the navbar, expand Compliance and click Risk Management.

  2. On the Risk Management page, select the Global Functions tab and then search for the global function with the local function you want to map.

  3. Click the Name link for the global function.

    Image RemovedImage Added

  4. On the Global Function Details page, select the Function Mapping Rules tab and then expand the Local Functions accordion.

  5. Click the Name link for the local function.

    Image RemovedImage Added

  6. On the Local Function Details page, select the Function Mappings tab and then expand the accordion relating to what you want to map.

    • Local Rights Granting Function (Mapped) — This accordion allows you to search for and select local versions of rights inherited from the parent global function. For example, if the parent global function is mapped to the microsoft.directory/groups.unified/members/update right, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

    • Local Roles Granting Function (Mapped) — This accordion allows you to search for and select local versions of roles inherited from the parent global function. For example, if the parent global function is mapped to the Global Administrator role, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

    • Assignees Granting Local Function (Mapped) — Allows you to specify one or more EmpowerID actor types with the function. Actor types can include:

      • Business Role and Location — All people belonging to the Business Role and Location will be flagged as having the function

      • Group — All people belonging to the group will be flagged as having the function

      • Management Role — All people belonging to the Management Role will be flagged as having the function

      • Management Role Definition — All people belonging to the Management Roles derived from the definition will be flagged as having the function

      • Person — The specified person will be flagged as having the function

      • Query-Based Collection — All people belonging to the Query-Based Collection will be flagged as having the function

  7. Search for and select the rights and roles you want to map to the function. In the below example, we select the microsoft.directory/groups.unified/members/update right for the DocsScim system. In this way the function only returns users with that right in that system.

    Image RemovedImage Added

  8. When you have finished mapping roles and rights, click Submit.

...