...
Eligibility policies can be defined with rules known as “Inclusion” and “Exclusion.” Inclusion rules define the items a user is authorized to see and request in the IT Shop and ensure these items are only the ones that would make sense for them to request. A multinational company example would be a Field Sales employee in Austria that should not see the same requestable items as a Developer in Brazil. Their catalog of requestable roles and resources should be different, giving them a more pleasant user experience and ensuring An application example could be using rules to filter the type of applications and other resource types available for sales employees and developers. The catalog of requestable resources available to each of those employees should be different to ensure that unwarranted access requests are not generated, creating unnecessary approval tasks.
Eligibility Exclusion rules can be created as a protective measure to enforce regulatory restrictions and ensure that specific classes of users do not accidentally receive the ability to request items they should not.
...
Eligibility policies also include the capability of affecting the approval flow for an item requested by a user. When assigning eligibility policies, the policy author may assign an Eligibility Type for the assignment.
There are three types of eligibility in EmpowerID.
...
. Additionally, inclusion and exclusion rules help organizations provide employees a more pleasant user shopping experience as they are shielded from viewing resources that they cannot request.
| Note |
|---|
If a user is excluded (either directly or indirectly by virtue of belonging to a group or role that is excluded), the exclusion takes priority over inclusion. Thus, if a user is eligible for a given resource via one assignment, but not eligible for that same resource via another assignment, that user will not be able to see or request access to the resource. |
Inclusion rules, also known as “Eligibility Type,” include the following:
Eligible – Users can request items in the IT Shop, and the request will go for approval unless the requesting person has the RBAC delegations needed to grant the requested accessbased on the Approval Flow policies specified for the item.
Pre-Approved – Users assigned Users assigned the policies are pre-approved for the items to which the policy is applicableapplies. When the IT an IT Shop user later requests access , it will not require an approval step before being fulfilled.Suggested – The IT Shop item will show a “Suggested” additional item they may request because of their existing roles or in the context of a role they are currently requesting. The item will still follow standard approval routing rules.to a resource for which they are pre-approved, the system automatically grants them access.
Suggested – Users assigned the policies may opt to view additional “Suggested” items they may request. The item will still follow standard approval routing rules.
| Info |
|---|
Related Docs Topics: |
...