EmpowerID restricts access to roles through the use of Management Roles. To work with roles, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed to create, update and delete Management Roles
To create, update and delete Management Roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
| Expand |
|---|
| title | Roles needed by people to create, update and delete Management Roles in their locations |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. | Visibility | ACT-Management-Role-Object-Administration-MyLocations | Grants the ability to create, update, and delete Management Roles in a person's locations. | Activity | VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility |
|
| Expand |
|---|
| title | Roles needed by people to create, update and delete Management Roles in their organizations |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. Visibility is needed to access the Action links related to Management Roles. | Visibility | ACT-Management-Role-Object-Administration-MyOrg | Grants the ability to create, update, and delete Management Roles in a person's organizations. | Activity | VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility |
|
| Expand |
|---|
| title | Roles needed by people to create, update and delete all Management Roles in any location |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-All | Grants visibility for all Management Roles in the system. Visibility is needed to access the Action links related to Management Roles. | Visibility | ACT-Management-Role-Object-Administration-All | Grants the ability to create, update, and delete all Management Roles. | Activity | VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility | ACT-Management-Role-Definition-Object-Administration-All | Grants the ability to create, update, and delete all Management Role Definitions. | Activity |
|
Roles needed to manage role membership
To manage role membership, users need to have a combination of the following Management Role assignments (based on the needed scope):
| Expand |
|---|
| title | Roles needed by people to manage the membership of roles in their locations |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Person Page View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Account, Login Security and Management Roles control Viewer for the Advanced Attributes Editable Lists
Find Management Role Page Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid
Resultant Resource Locations Page
WORKFLOW ACCESS | VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. | Visibility | ACT-Management-Role-Membership-MyLocations | Grants the ability to manage the membership of Management Roles in a person's locations. | Activity |
|
| Expand |
|---|
| title | Roles needed by people to manage the membership of roles in their organizations |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Person Page View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Account, Login Security and Management Roles control Viewer for the Advanced Attributes Editable Lists
Find Management Role Page Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid
Resultant Resource Locations Page
WORKFLOW ACCESS | VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. | Visibility | ACT-Management-Role-Membership-MyOrg | Grants the ability to manage the membership of Management Roles in a person's organizations. | Activity |
|
| Expand |
|---|
| title | Roles needed by people to manage the membership of all roles |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Person Page View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Account, Login Security and Management Roles control Viewer for the Advanced Attributes Editable Lists
Find Management Role Page Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid
Resultant Resource Locations Page
WORKFLOW ACCESS | VIS-Management-Role-All | Grants visibility for all Management Roles. | Visibility | ACT-Management-Role-Membership-All | Grants the ability to manage the membership of all Management Roles. | Activity |
|
Roles needed to manage the RBAC delegations granted to roles
To manage the RBAC delegations of access granted to roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
| Expand |
|---|
| title | Roles needed by people to manage the RBAC delegations of roles in their locations |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. | Visibility | ACT-Management-Role-RBAC-Delegations-MyLocations | Grants the ability to manage RBAC delegations of access for all Management Roles in the person's locations | Activity |
|
| Expand |
|---|
| title | Roles needed by people to manage the RBAC delegations of roles in their organizatons |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. | Visibility | ACT-Management-Role-RBAC-Delegations-MyOrgs | Grants the ability to manage RBAC delegations of access for all Management Roles in the person's organizations. | Activity |
|
| Expand |
|---|
| title | Roles needed by people to manage the RBAC delegations of all roles |
|---|
|
Management Role | Access Granted by Management Role | Role Type |
|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESSFind Management Role Page Viewer for the page Viewer for Advanced Tab Viewer for the All Roles Tab Viewer for the Management Role Definition Tab Viewer for the Location Tree
Management Role View One Page Viewer for the page Viewer for the Actions Accordion Viewer for the More Info Accordion Viewer for the Advanced Tab
Management Role Edit One Page Management Role Definition View One Page Management Role Definition Edit One Page Resultant Resource Locations Page Create Management Role Page Create Management Role Definition Page EmpowerID Protected Application Management Role Resource Type DropDown Item
WORKFLOW ACCESSManagement Role New Edit Management Role NoUI Delete Management Role Management Role Definition New Edit Management Role Definition NoUI Delete Management Role Definition NoUI Update Owner Assignee Update Resource Locations Update Resource Tags Update Person Catalog Category Requestable Entitlements
| VIS-Management-Role-All | Grants visibility for all Management Roles. | Visibility | ACT-Management-Role-RBAC-Delegations-All | Grants the ability to manage RBAC delegations of access for all Management Roles. | Activity |
|