Once a local function has been created and added to a global function, you can map external system rights and local roles to the function. This lets you know who can do what in the external system the functions are mapped to. This article demonstrates how to create a Right Mapping policy for a local function and map rights to the policy.
Create a right mapping policy
On the navbar, expand Compliance and click Risk Management.
Select the Local Functions tab and search for the local function you want to map on the Risk Management page.
Click the Name link for the local function.
This opens the View One page for the local function. This page allows you to view and manage the function as needed.
On the View One page, select the Function Mappings tab and click the Add [+] button.
In the dialog that appears, enter the following information and click Save.
Name – Name of the Right mapping policy
Display Name – Display name of the Right mapping policy
Is Enabled – Select to enable compilation of the Right mapping policy
After saving the new policy, click the Name link for it.
This opens the View One page for the Local Function Policy. From this page, you can add rights to the policy.
Expand the Rights and Field Types Mapped to Function accordion and click the Add [+] button.
In the Right field, search for and select the right within the managed resource system you want to add to the policy. In the example below, we select the microsoft.directory/groups/createasowner right for a specific Azure tenant. In this way, the function only returns users with that right in that system.
Click Save.
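As an added illustration (not EmpowerID code and not part of the original article), the following Python models why the right is selected for one specific system: the same right name in another tenant must not contribute users. The tenant names, role IDs and principals are constructed; the record layout assumes role definitions and assignments exported in the shape of Microsoft Graph unifiedRoleDefinition and unifiedRoleAssignment objects, and wildcard actions and group-based assignments are not expanded.

```python
RIGHT = "microsoft.directory/groups/createasowner"  # right named on this page

# Constructed sample exports, one per tenant, shaped like Microsoft Graph
# unifiedRoleDefinition and unifiedRoleAssignment objects (IDs are made up).
EXPORTS = {
    "tenant-a": {
        "roleDefinitions": [
            {"id": "r1", "rolePermissions": [{"allowedResourceActions": [
                "microsoft.directory/groups/createAsOwner",
                "microsoft.directory/groups/standard/read"]}]},
            {"id": "r2", "rolePermissions": [{"allowedResourceActions": [
                "microsoft.directory/groups/standard/read"]}]},
        ],
        "roleAssignments": [
            {"principalId": "alice", "roleDefinitionId": "r1"},
            {"principalId": "bob", "roleDefinitionId": "r2"},
        ],
    },
    "tenant-b": {
        "roleDefinitions": [
            {"id": "r1", "rolePermissions": [{"allowedResourceActions": [
                "microsoft.directory/groups/createAsOwner"]}]},
        ],
        "roleAssignments": [
            {"principalId": "dave", "roleDefinitionId": "r1"},
        ],
    },
}


def roles_granting(right, export):
    """Return IDs of role definitions whose allowed actions include the right."""
    wanted = right.lower()  # compare action names case-insensitively
    return {
        d["id"] for d in export["roleDefinitions"]
        if any(wanted == action.lower()
               for perm in d.get("rolePermissions", [])
               for action in perm.get("allowedResourceActions", []))
    }


def holders(right, tenant, exports=EXPORTS):
    """Return principals assigned a granting role in the named tenant only."""
    export = exports[tenant]
    granting = roles_granting(right, export)
    return sorted({a["principalId"] for a in export["roleAssignments"]
                   if a["roleDefinitionId"] in granting})
```

Comparing the output of `holders` for the mapped tenant against the users the function returns gives an independent check that the policy was scoped to the intended system.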
Select the Function Mappings tab and expand the accordion relating to what you want to map on the Local Function Details page.
Right Mapping Policies – This accordion allows you to create, search for, and select local versions of rights inherited from the parent global function. For example, suppose the parent global function is mapped to the microsoft.directory/groups.unified/members/update right. In that case, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.
Local Roles Granting Function (Mapped) – This accordion allows you to search for and select local versions of roles inherited from the parent global function. For example, suppose the parent global function is mapped to the Global Administrator role. In that case, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.
Assignees Granting Local Function (Mapped) – This allows you to specify one or more EmpowerID actor types with the function. Actor types can include:
Business Role and Location – All people belonging to the Business Role and Location will be flagged as having the function.
Group – All people belonging to the group will be flagged as having the function.
Management Role – All people belonging to the Management Role will be flagged as having the function.
Management Role Definition – All people belonging to the Management Roles derived from the definition will be flagged as having the function.
Person – The specified person will be flagged as having the function.
Query-Based Collection – All people belonging to the Query-Based Collection will be flagged as having the function.
Search for and select the rights and roles you want to map to the function. In the example below, we choose the microsoft.directory/groups.unified/members/update right for the DocsScim system. In this way, the function only returns users with that right in that system.
When you have finished mapping roles and rights, click Submit.
...
See Also