Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Access Levels are bundles of EmpowerID Operations and/or native system rights specific to resource types such as Exchange mailboxes or user accounts. Assign them to users to grant access to IT resources as specified by the Access Level.

...

  1. On the navbar, expand Admin , then> RBAC Definitions, and click RBAC Access Levels.

  2. From On the Access Level page, click the Actions tab and then click Create Access Level Add button.
    Image RemovedIn

    Image Added

  3. Enter the following information on the Access Level Details form that appears, enter a name and description in the Name, Display Name and Description fields.Select Enforced to create an Access Level for an inventoried resource system, such as Exchange, :

    • Name — Name of the Access Level

    • Display Name — Display name of the Access Level; the Display name is what appears for the Access Level in the UI

    • Description —Description of the Access Level

    • Enforced — Select this option if you want EmpowerID to enforce native rights

    that

    • granted by the Access Level

    grants.Select 

    • (for inventoried systems only)

    • Is Default Role — Select this option if the Access Level is the default for the resource type

    .

    Type

    • Risk Score — Enter a numeric value

    (

    • from 1 to 100

    ) in the Risk Factor field

    • . This number is a user-defined value that can help you identify the potential security ramifications associated with the Access Level, based upon the volume and/or nature of operations and/or native system rights associated with it. The higher the number, the higher the risk.

    • Resource Type — Select the resource type for which you are creating the Access Level

    from the Resource Type field. This specifies that the Access Level Definition only applies to the selected resource type.

  4. Select Allow Access Assignments to allow users to request the Access Level.

  5. Select Hide In UI

    • , such as Business Role Location or Exchange Mailbox.

    • Publish in IT Shop —Select this option to make the Access Level requestable in the IT Shop

    • Hide in UI — Select this option to prevent users from seeing the Access Level in EmpowerID

    .

  6. Click Save.

Info

Once an Access Level Definition is created, it needs EmpowerID Operations and/or native system rights before it can be used to delegate resources to users. This is demonstrated in the Adding Operations to Access Level Definitions and the Adding Rights to Access Level Definitions topics.

...