Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To propose (make eligible) a people or a person to a group, using the PBAC membership policy, we need to follow the below steps

  1. Add a PBAC attribute to a person - PBAC field type or an attribute is a connector used to connect an EmpowerID actor like a person to a PBAC membership policy target such as a group.

  2. Create a PBAC membership policy (of the type eligible) for a group - It is required to create a PBAC membership policy so that we can use it for a target type( e.g., a Group).

  3. Add the same PBAC attribute to the policy - PBAC field type or attribute should be added to a PBAC membership policy, for connecting it to an EmpowerID actor.

  4. Wait for policy compilation and verify the result - Once the policy is compiled the person will be proposed to the group

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

Add a PBAC field Type or Attribute to a Person

  1. On the navbar, expand Identity Administration and select People.

  2. Search for a person to whom you want to add a PBAC field Type.

    Image Added
  3. Click on the person’s EmpowerID login link to open the view-one page for the person

    Image Added

  4. Click on the PBAC attribute assignment on the left menu. After that click on the + icon to add a PBAC attribute. Select the radio button Attribute Only, search for the name of the attribute and select the two check boxes for values of attribute (sales and Software). Click Save.

    Image Added

  5. This will add this attribute to the person.

    Image Added


Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

Create a PBAC membership policy (type eligible) for a group

PBAC Membership policies can be created on the view one page of the roles, groups, and collections that are the target of the policy. In the below example, we demonstrate how to create a policy of type eligible using the view-one page of a group that is the target of the policy.

  1. On the navbar, expand Identity Administration and select Groups.

  2. Search for a group name.

    Image Added

  3. Click on the group logon name hyperlink to open the group’s view-one page.

    Image Added

  4. Select the Advanced tab and scroll down to select Attribute-Based Membership Policies.

    Image Added

  5. Click on the + icon in the above image to create a new membership policy for this group. The below page will open. Enter the name of the policy, select the policy type as “Eligible”. Check the IsEnable check box. Select the minute interval with 15 min and click on Save.

    Image Added

  6. This will create the PBAC membership policy and queue it for compilation.

    Image Added


Add a PBAC Attribute to a PBAC Membership Policy

You can add a PBAC attribute to an existing PBAC membership policy. In the previous step, we created a PBAC membership policy for a group. In this post, we are going to add the attribute to that PBAC membership policy. Therefore let us follow the below steps.

  1. On the navbar, expand Identity Administration and select Groups.

  2. Search for the group name.

  3. Scroll down. Under the Membership tab, select Attribute-Based Membership Policies and you can see the PBAC Membership policies attached to this group.

  4. Click on the Name link of the PBAC Membership policy you want to add an attribute to. This will open the view-one page of this PBAC membership policy. Select the Attribute Conditions (Field Types) link

    Image Added

  5. Click on the + icon to add an attribute to this policy that you added to the person earlier. Search for the name of the PBAC membership policy and select it. Select the two values ( sales and software) check boxes. Select the checkbox If matches all values. Click Save.

    Image Added

  6. The attribute is now added to the PBAC membership policy type.

    Image Added

Verify the Result

After the PBAC membership policy is compiled we can verify the result. After the PBAC membership policy is compiled, it will propose (eligible) the person to the group. This can be checked at the view-one page of the group( for which the policy was created). Select the Attribute Based Membership Inbox link. We can see that the person( to which the PBAC attribute was added) is now a proposed or eligible member of this group.

...


Propose People to Management Role