To add people or a person to a management role, using the PBAC membership policy, we need to follow the below steps
Add a PBAC attribute to a person - PBAC field type or an attribute is a connector used to connect an EmpowerID actor like a person to a PBAC membership policy target such as a management role.
Create a PBAC membership policy for a management role- It is required to create a PBAC membership policy so that we can use it for a target type( e.g., a management role).
Add the same PBAC attribute to the policy - PBAC field type or attribute should be added to a PBAC membership policy, for connecting it to an EmpowerID actor.
Wait for policy compilation and verify the result - Once the policy is compiled the person will be added to the management role.
Add a PBAC field Type or Attribute to a Person
On the navbar, expand Identity Administration and select People.
Search for a person to whom you want to add a PBAC field Type.
Click on the person’s EmpowerID login link to open the view-one page for the person
Click on the PBAC attribute assignment on the left menu. After that click on the + icon to add a PBAC attribute. Select the radio button Attribute Only, search for the name of the attribute and select the two check boxes for values of attribute (sales and IT). Click Save.
This will add this attribute to the person.
Create a PBAC membership policy for a Management Role
PBAC Membership policies can be created on the view one page of the management role that is the target of the policy. In the below example, we demonstrate how to create a policy using the view-one page of a management role that is the target of the policy.
On the navbar, expand Role Management and select Management Roles.
Search for a management role name.
...
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
OK
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|