...
| Div |
|---|
Home / Authorization RBAC/ABAC / Management Roles / Current: Assigning Access Levels to Management Roles |
EmpowerID Access Levels, also known as Resource Roles, are collections of "operational capabilities" and/or "native system rights" specific to a particular resource type, such as an account, group or mailbox. When you assign an Access Level to a Management Role, you give anyone assigned membership in the Management Role the ability to perform those operations or tasks against a selected resource.
anchorTo assign Access Levels to Management Roles
From- In the Navigation Sidebar of the EmpowerID Web interface,
- expand Identities and
- click Manage Delegations.
- On the Actor Delegations tab
Select Management Role from the Assignee Type drop-down, type the - , drop down the Assignee Type and select Management Role.
Enter the name of the Management Role to
delegate access to in the Enter a Management Role Name to Search field and
click the tile for
the role.
Info In the following image, the Navigation Sidebar has been collapsed to conserve screen real estate.
Select By Location from the Assignment Type drop-down
- Drop down the Assignment Type and select By Location. Selecting By Location gives the Management Role access
- to all resources of a resource type in a location and
- all its child locations
- .
- In the Assignments grid, click the Add Assignments (+) button.
- In the Grant Access dialog that appears,
- select the
- resource type for which
- to give the Management Role an access level.
- This example selects the Computer resource type.
- Under For Resource in or Below, click the Select a Location link, and in the Location Selector that appears, search for and select the location in which you want the Access Level to have effect.
- Click Save to close the Location Selector.
- Drop down the Access Level
- and select the one to assign to the Management Role
- . This example uses the Administrator Access Level. This gives anyone who is assigned to the Management Role all of the EmpowerID Operations and native system rights delegated to the Management Role.
- Optionally,
- select Time Constraint
- to add a time constraint to the Access Level assignment. When this option is selected,
- click in the Valid From and Valid To fields and
- pick Calendar values to set date and time ranges.
- Click Save.
This adds the Access Level assignment to the Shopping Cart.
- Repeat for each Access Level
- to assign to the Management Role Definition
- , and when you have
- finished adding Access Level assignments, click the Shopping Cart icon, type a reason for the assignments in the cart dialog and
- click Submit.
| Info | ||||
|---|---|---|---|---|
|
...
| |||||||
|
...
|
...
|