Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

After creating Once a Local Function is created and adding it linked to a Global Function, you can proceed the next step is to map external system rights and local roles from external systems to the Local Function. This mapping provides action is essential for providing a clear understanding of user permissions within the external system associated with the Functions.

This article will guide you through the process of creating details how to establish a Right Mapping policy for a Local Function and demonstrate how to map illustrates the procedure for mapping rights to that the policy.

Procedure

Step 1 – Create a

right mapping policy

Right Mapping Policy

  1. On the navbar, expand Compliance and click Risk Management.Select

    • This directs you to the Risk Management page.

      image-20240119-204216.pngImage Added

  2. On the Risk Management page, locate and select the Local Functions tab and search .

  3. Search for the local function you want wish to map on the Risk Management page.

  4. Click the Name link for the desired local function.

    Image Removedimage-20240119-204638.pngImage Added

    • This opens the View One page

    for the local function. This page allows you to

    • , where you can view and manage the function

    as needed

    • .

    Image Removed
    • image-20240119-204913.pngImage Added

       

  5. On the View One page, select the Function Mappings tab.

  6. Expand the Right Mapping Policies accordion and click the Add [+] button.

    Image Removedimage-20240119-211254.pngImage Added

  7. In the dialog that appears, enter the following information and click Save.

    • Name – Name of : Enter a name for the Right mapping policyMapping Policy.

    • Display Name – Display name of the Right mapping policy: Enter a user-friendly display name for the Right Mapping Policy.

    • Is Enabled : Select to enable compilation of the Right mapping policy

      Image Removed

      .

  8. Click Save to create the Right Mapping policy.

Step 2 – Map rights to the policy

  1. In the Right Mapping Policies accordion, click the Name link for the policy to which you want to map rights.


    This opens the View One page for the Local Function Policy. From this page, you can add rights to the policy.

  2. Expand the Rights and Field Types Mapped to Function accordion and click the Add [+] button.

  3. In the Right field, search for and select the right within the managed resource system you want to add to the policy. In the below example, we select microsoft.directory/groups/createasowner right for a specific Azure tenant. In this way, the function only returns users with that right in that system.

  4. Click Save.

    Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue

Page Properties
hiddentrue

  1. Select the Function Mappings tab and expand the accordion relating to what you want to map on the Local Function Details page.

    • Right Mapping Policies – This accordion allows you to create search for and select local versions of rights inherited from the parent global function. For example, suppose the parent global function is mapped to the microsoft.directory/groups.unified/members/update right. In that case, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

    • Local Roles Granting Function (Mapped) – This accordion allows you to search for and select local versions of roles inherited from the parent global function. For example, suppose the parent global function is mapped to the Global Administrator role. In that case, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

    • Assignees Granting Local Function (Mapped) – This allows you to specify one or more EmpowerID actor types with the function. Actor types can include:

      • Business Role and Location – All people belonging to the Business Role and Location will be flagged as having the function

      • Group – All people belonging to the group will be flagged as having the function.

      • Management Role – All people belonging to the Management Role will be flagged as having the function

      • Management Role Definition – All people belonging to the Management Roles derived from the definition will be flagged as having the function

      • Person – The specified person will be flagged as having the function

      • Query-Based Collection – All people belonging to the Query-Based Collection will be flagged as having the function

  2. Search for and select the rights and roles you want to map to the function. In the below example, we choose the microsoft.directory/groups.unified/members/update right for the DocsScim system. In this way the function only returns users with that right in that system.

  3. When you have finished mapping roles and rights, click Submit.

Macrosuite divider macro
dividerWidth100
dividerTypetext-with-icon
emoji{"id":"smile","name":"Smiling Face with Open Mouth and Smiling Eyes","short_names":["smile"],"colons":":smile:","emoticons":["C:","c:",":D",":-D"],"unified":"1f604","skin":null,"native":"😄"}
textColor#000000
dividerWeight3
labelPositionmiddle
textAlignmentcenter
iconColor#0052CC
iconSizemedium
fontSizemedium
textNext Steps
emojiEnabledfalse
dividerColor#DFE1E6
dividerIconbootstrap/BarChartSteps
Div
stylefloat:left; position:fixed;
idarticleNav

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone
printablefalse

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue