Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
EmpowerID restricts access to compliance policy operations through the use of Management Roles. To work with compliance policies, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for compliance is UI-Audit-Full-Access. This role grants users full access to the audit workflows and user interfaces needed to allow a user to review their audit tasks and those of others.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for compliance is VIS-Audit-All. This role grants users visibility for all audits
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for compliance is ACT-Audit-Object-Administration-All. This role grants users access to create, edit, and delete all audits.
Role bundle needed to manage Compliance policies
To manage compliance polices, users need the following Management Role
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
Compliance Administrator | Grants users access to create and manage recertification campaigns and risk policies. | Role Bundle |
Individual Management Roles included in Role Bundle | ||
Management Role | Access Granted by Management Role | Role Type |
ACT-SoD-Policy-Object-Administration | Grants users full object administration (Create, Update, Delete) for Separation of Duties Policies | Activity |
ACT-Audit-Object-Administration-All | Grants users access to create, edit, and delete all audits. | Activity |
UI-Audit-Full-Access | Grants users full access to the audit workflows and user interfaces to allow a user to review their audit tasks and those of others. | Feature Set |
UI-SoD-Policy-Full-Access | Grants users full access to the Separation of Duties Policy workflows and user interfaces. | Feature Set |
VIS-Audit-All | Grants users visibility for all audits | Visibility |
VIS-Location-All | Grants users visibility for all locations | Visibility |
VIS-Person-All | Grants users visibility for all people | Visibility |
VIS-SetGroup-All | Grants users visibility for all Query-Based Collections | Visibility |
Role bundle needed to participate in Compliance activities
To participate in compliance activities, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
Compliance User | Grants users access able to participate in recertification and review SoD violations | Role Bundle |
Individual Management Roles included in Role Bundle | ||
Management Role | Access Granted by Management Role | Role Type |
UI-Audit-Participant | Grants users limited access to the audit workflows and user interfaces to allow a user to review their audit / recertification tasks. | Feature Set |
UI-SoD-Policy-Violation-Reviewer | Grants users access to the Separation of Duties Violation user interfaces and workflows needed to be a violation reviewer. | Feature Set |
VIS-BusinessRole-All | Grants users visibility for all Business Roles. | Visibility |
VIS-Groups-All | Grants users visibility for all groups. | Visibility |
VIS-Location-All | Grants users visibility for all locations. | Visibility |
VIS-Management-Role-All | Grants users visibility for all Management Roles. | Visibility |
VIS-Person-All | Grants users visibility for all people. | Visibility |
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Div | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IN THIS ARTICLE
|