After creating a Local Function and adding it to a Global Function, you can map external system rights and local roles to the function. This mapping shows who can do what in the external system the function is mapped to, giving a clear understanding of user permissions there.

This article guides you through creating a Right Mapping policy for a Local Function and demonstrates how to map rights to that policy.

Create a right mapping policy

  1. On the navbar, expand Compliance and click Risk Management.

  2. On the Risk Management page, select the Local Functions tab and search for the local function you want to map.

  3. Click the Name link for the local function.

    This opens the View One page for the local function. This page allows you to view and manage the function as needed.

  4. On the View One page, select the Function Mappings tab and click the Add [+] button.

  5. In the dialog that appears, enter the following information and click Save.

    • Name – Name of the Right mapping policy

    • Display Name – Display name of the Right mapping policy

    • Is Enabled – Select to enable compilation of the Right mapping policy

Map rights to the policy

  1. In the Right Mapping Policies accordion, click the Name link for the policy to which you want to map rights.

    This opens the View One page for the Local Function Policy. From this page, you can add rights to the policy.

  2. Expand the Rights and Field Types Mapped to Function accordion and click the Add [+] button.

  3. In the Right field, search for and select the right within the managed resource system that you want to add to the policy. In the example below, we select the microsoft.directory/groups/createasowner right for a specific Azure tenant. This way, the function only returns users with that right in that system.

  4. Click Save.

  1. On the Local Function Details page, select the Function Mappings tab and expand the accordion for what you want to map.

    • Right Mapping Policies – This accordion allows you to search for and select local versions of rights inherited from the parent global function. For example, suppose the parent global function is mapped to the microsoft.directory/groups.unified/members/update right. In that case, you will only be able to select that right, in the actual entities, systems, and locations in your environment where it can be exercised.

    • Local Roles Granting Function (Mapped) – This accordion allows you to search for and select local versions of roles inherited from the parent global function. For example, suppose the parent global function is mapped to the Global Administrator role. In that case, you will only be able to select that role, in the actual entities, systems, and locations in your environment where it can be exercised.

    • Assignees Granting Local Function (Mapped) – This accordion allows you to associate one or more EmpowerID actor types with the function. Actor types can include:

      • Business Role and Location – All people belonging to the Business Role and Location will be flagged as having the function.

      • Group – All people belonging to the group will be flagged as having the function.

      • Management Role – All people belonging to the Management Role will be flagged as having the function.

      • Management Role Definition – All people belonging to the Management Roles derived from the definition will be flagged as having the function.

      • Person – The specified person will be flagged as having the function.

      • Query-Based Collection – All people belonging to the Query-Based Collection will be flagged as having the function.

  2. Search for and select the rights and roles you want to map to the function. In the example below, we choose the microsoft.directory/groups.unified/members/update right for the DocsScim system. This way, the function only returns users with that right in that system.

  3. When you have finished mapping roles and rights, click Submit.
