...
RBAC Mapping in EmpowerID
Role-Based Access Control (RBAC) Mapping forms a fundamental part of EmpowerID's capacity to automate the assignment and management of an individual's Business Roles and Locations is RBAC Mapping. EmpowerID can inventory . This system inventories role and location hierarchies from various external systems, such as HR, SaaS applications, AD, or LDAP directories. These applications and directories may contain actual role and location structures – as do many HR systems – or a structure can be built Human Resources databases, Software as a Service (SaaS) applications, Active Directory (AD), or Lightweight Directory Access Protocol (LDAP) directories, aiding in the automation process.
These external systems carry actual structures pertaining to roles and locations. However, if these structures are not present, a framework for roles and locations can be constructed using connector logic based on user attributes such as , including title, department, and country. These "external roles" and "external locations," along with the assignment of user accounts to these locations, are inventoried into the EmpowerID data model, as seen in the below data model diagram.
...
Business Role and Location Mappings
Business Role and Location mappings allows serve an essential purpose: they facilitate mapping existing physical directory Locations and roles to be mapped to a logical management structurestructures to logical business roles and locations within the EmpowerID platform. This process is essential for managing an organization's identities and access control effectively. For example, multiple AD or LDAP directory OUs containers for "London" can be visually mapped to a single virtual "London" Location for unified management and delegation of policies.
...
The recalculation and maintenance of Business Role and Location assignments based on authoritative system data is handled by the Business Role and Location Recompiler Job. This job retrieves the external roles and locations associated with user accounts and the mappings of those external roles and locations to EmpowerID Business Roles and Locations, comparing them to computer a Person's appropriate current Business Role and Location assignments and any adjustments that should be made. Adjustments are handled by the Business Role and Location Processor job, which reads the proposed changes from a queue and implements them.
...