Versions Compared

Old Version 7

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 8

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To shop for eligible resources in the IT Shop, users need to have one or more of the below Management Role assignments (based on the needed scope):

UI-IT-Shop-MS-Azure-Admin-Role

[{"label":"View Management Roles","id":"1","content":{"version":1,"type":"doc","content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ACT-Person-Delegate-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ACT-Person-SetAsApprover-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-Admin-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Computer"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyTasks-Participant-Full"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Management-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-License"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-PermanentDelegations"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-EmailNotification-Settings"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Business-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Shared-Folder"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Application-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Mailbox"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-Full"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Common"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Risk"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Application-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Location-MyLocationsAndBelow"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Person-MyOrg"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-IT-Shop-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Computer-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Management-Role-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzLocalRole-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Mailbox-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Groups-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-BusinessRequestType-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-MyTasks-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-MyIdentity-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Location-All-BusinessStructure"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzGlobalFunction-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Shared-Credential-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzLocalFunction-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-RBAC-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-License-Pool-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Vis-OrgRoleOrgZone-ALL"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"New Dropdown","id":"hldtnlo1o","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"test test test"}]}]},"icon":"font-awesome/RegImage"}]

Application Role

Management Role

Description

Role Type

ACTUI-PersonIT-PasswordShop-SelfMS-Service

Grants users access to change password, enroll and other password self-service operations.

Activity

UI-Person-Password-Self-Service

Grants access to change password, enroll and other password self-service workflows and user interfaces.

Feature Set

IT Shop, My Tasks, and My Identity Self-Service Full Access

Grants full access for using the IT Shop, My Tasks, My Identity microservices

Role Bundle – Contains the below Management Roles

Dropdown macro
hardcodeWidth274
backgroundColor#0052CC
activeColor#ffffff
width43
hoverColor#00a2e0
tabTypeno-icon
alignmentleft

Grants access to shop for Application Roles (Groups) in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:

Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>TCodes Grid Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Application Roles Business Functions Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Roles Applications Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Pre-Approved Application Roles Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>GroupsAPI.GetAssignedAppRolesByPersonGUID</li>\r\n <li>GroupsAPI.GetUser</li>\r\n <li>GroupsAPI.OwnersByAppRoleId</li>\r\n <li>GroupsAPI.GetAnonymousInfo</li>\r\n <li>\tGroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID</li>\r\n <li>GroupsAPI.GetGroups</li>\r\n <li>GroupsAPI</li>\r\n <li>GroupsAPI.GetTargetSystemFilterdata</li>\r\n <li>GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId</li>\r\n <li>GroupsAPI.GetSingleOrgRole</li>\r\n <li>\tGroupsAPI.ApproversByAppRoleId</li>\r\n <li>GroupsAPI.CheckAssignmentStatus</li>\r\n <li>\tGroupsAPI.GetOwnersAndApprovers</li>\r\n <li>GroupsAPI.GetUserGroups</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
Feature Set
UI-IT-Shop-MS-Azure-Admin-Role
Grants access to shop for Azure Admin Directory Roles in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>\tAzure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Admin Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetSingleAzureAdminRole</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI.GetAzureAdminRoles</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
Feature Set
UI-IT-Shop-MS-Azure-License
Grants access to shop for Azure Licenses in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>\tAzureLicenseBundleAPI.GetTenantSubscriptionServices</li>\r\n <li>AzureLicenseBundleAPI</li>\r\n <li>AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId</li>\r\n <li>\tAzureLicenseBundleAPI.GetSinglee</li>\r\n <li>\tAzureLicenseBundleAPI.GetAllAzLocalServiceBundles</li>\r\n <li>AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzLicensePool</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems</li>\r\n <li>\tAzureLicenseBundleAPI.CheckAssignmentStatus</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Azure-RBAC-Role
Grants access to shop for Azure RBAC Roles in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
IT Shop, My Tasks, and My Identity Self-Service Full Access
Grants full access for using the IT Shop, My Tasks, My Identity microservices
Role Bundle – Contains the below Management Roles:
  • ACT-Person-Delegate-All
  • ACT-Person-SetAsApprover-All
  • UI-IT-Shop-MS-Azure-Admin-Role
  • UI-IT-Shop-MS-Computer
  • UI-MyTasks-Participant-Full
  • UI-IT-Shop-MS-Management-Role
  • UI-IT-Shop-MS-Azure-License
  • UI-MyIdentity-PermanentDelegations
  • UI-MyIdentity-EmailNotification-Settings
  • UI-IT-Shop-MS-Business-Role
  • UI-IT-Shop-MS-Shared-Folder
  • UI-IT-Shop-MS-Application-Role
  • UI-IT-Shop-MS-Mailbox
  • UI-MyIdentity-Full
  • UI-IT-Shop-MS-Common
  • UI-IT-Shop-MS-Risk
  • VIS-Application-All
  • VIS-Location-MyLocationsAndBelow
  • VIS-Person-MyOrg
  • VIS-IT-Shop-MS-API
  • VIS-Computer-All
  • VIS-Management-Role-All
  • VIS-AzLocalRole-All
  • VIS-Mailbox-All
  • VIS-Groups-All
  • VIS-BusinessRequestType-All
  • VIS-MyTasks-MS-API
  • VIS-MyIdentity-MS-API
  • VIS-Location-All-BusinessStructure
  • VIS-AzGlobalFunction-All
  • VIS-Shared-Credential-All
  • VIS-AzLocalFunction-All
  • UI-IT-Shop-MS-Azure-RBAC-Role
  • VIS-License-Pool-All
  • Vis-OrgRoleOrgZone-ALL
Management Role
Access Granted by Management Role
UI-IT-Shop-MS-Full-Access
Inherits the below Access Levels from the parent Management Role Definition:
Workflow Access
Initiator Access Level for following workflows:
  • UpdatePersonDirectAssignment
  • UpdatePersonBusinessRoles
Control (User Interface) Access
Viewer Access Level for the following controls:
  • Application Process Control
  • Business Roles TCode Control
  • Business Roles Owners Attribute Control
  • Business Roles Advanced Search Control
  • Business Roles Role Approvers Attribute Control
  • Application Roles Resource System Attribute Control
  • Business Roles Name Attribute Control
  • Target System Control
  • Application Roles TCode Control
  • Application Roles Advanced Search Control
  • Shop for Target Person Control
  • Business Functions Control
  • Business Roles Parent Business Roles Attribute Control
  • Application Roles Owners Attribute Control
  • Application Roles High Level Classification Attribute Control
  • Business Domains Control
  • Business Roles High Level Classification Attribute Control
  • Application Roles Name Attribute Name
 Application Access
Viewer Access Level for the following applications:
  • IT Shop Microservice App
  • EmpowerID Web
Web Service Access
Executor Access Level for the following Web services:
  • All ITShop WebServices
  • AllRbacObjects
  • CartSubmissinoAPI.SubmitCart
 Pages and Reports Access
Viewer Access Level for the following pages and reports:
  • Groups Page (IT Shop)
  • Business Roles Page (IT Shop)
 
VIS-IT-SHOP-MS-API
Grants visibility to the base Web services required by all users of the IT Shop microservice.
Web Service Access
Executor Access Level for the following Web services:
  • BusinessFunctionsAPI
  • BusinessFunctionsAPI.GetChildrenByOrgZoneType
  • BusinessFunctionsAPI.GetOrgZonesByOrgZoneTypeTypes
  • BusinessLocationsAPI.GetOrgZoneTypes
  • BusinessLocationsAPI.Search
  • BusinessRolesAPI
  • BusinessRolesAPI.CheckAssignmentStatus
  • BusinessRolesAPI.GetApplicationRoleTemplates
  • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID
  • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID
  • BusinessRolesAPI.GetOrgRole
  • BusinessRolesAPI.GetOrgRoles
  • BusinessRolesAPI.GetSingleOrgRole
  • CartSubmissionAPI
  • CartSubmissionAPI.SubmitCart
  • CheckForSODAPI
  • CheckForSODAPI.GetAssigneesForOrgRoleType
  • GlobalSettingsAPI
  • GlobalSettingsAPI.GetConfigSetting
  • GroupsAPI
  • GroupsAPI.CheckAssignmentStatus
  • GroupsAPI.GetAssignedAppRolesByPersonGUID
  • GroupsAPI.GetAssignedMembershipByOrgRolesOrgZoneID
  • GroupsAPI.GetGroups
  • GroupsAPI.GetSingleOrgRole
  • GroupsAPI.GetTargetSystemsFilterdata
  • LocalizationAPI
  • LocalizationAPI.CountryHelpText
  • LocalizationAPI.GetByResourceSet
  • ProtectedAppResourceAPI
  • ProtectedAppResourceAPI.AlllowedSsoApplications
  • ProtectedAppResourceAPI.GetChildrenByProtectedApplication
...