Explain AssigneeTypeEmpowerID RBAC actors, also known as “Assignees” are different ways to group people in order to assign them to policies and grant them access through the RBAC system. Below we can see the main Actor Types or “Assignee Types” that are used for such delegations. Accounts are also one of the assignee types but are only used in special situations such as for granting Azure native access.
...
| View file | ||
|---|---|---|
|
...
| View file | ||
|---|---|---|
|
ERD: Key RBAC Actors
•Management Role – functional role derived from a single parent
•Management Role Definition – parent for derived Management Roles
•Group – collection of users from external system. Can be used as a role
•SetGroup “Query-Based Collection” – query set of resources or People
Person – primary actor
OrgRole – Business Role
OrgZone – Organizational Location
OrgRoleOrgZone – assignable business role + organizational location/context
...