Versions Compared

Old Version 2

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. UI-Prefixed Roles: Management Roles that start with 'UI' provide users with access to certain UI elements within the EmpowerID Web interface. This allows for a tailored user experience, giving access only to the necessary interface components.

  2. VIS-Prefixed Roles: Roles prefixed with 'VIS' grant users visibility rights over specific objects within EmpowerID. This ensures that users can see only the objects relevant to their role, making for an efficient and clutter-free workspace.

  3. ACT-Prefixed Roles: Management Roles beginning with 'ACT' give allow users the capability to manage certain objects within EmpowerID. This provides gives users with the necessary permissions to perform specific actions on selected objects, aligning with their job responsibilities.

...

To shop for eligible resources in the IAM Shop, users need to have one or more of the below Management Role assignments (based on the needed scope):

Management Role

Role Type

Description

UI-IT-Shop-MS-Application

Feature Set (Ui)

Grants access to shop for access to Applications in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and workflows:

Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Applications Grid Control (IT Shop)</li>\r\n <li>ITShop Parsed Html More information text Control</li>\r\n <li>ITShop Show Only Azure Applications Control</li>\r\n <li>Create Azure Application Workflow Control (IT Shop)</li>\r\n <li>ITShop-PreApprovedApplications-Control</li>\r\n <li>ITShop-TimeConstrainedApplications-Control</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Initiator</b> access for the following workflows:</p>\r\n <ul>\r\n <li>CreateAzureApplication</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Application Role
Feature Set (UI)
Grants access to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>TCodes Grid Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Application Roles Business Functions Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Roles Applications Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Pre-Approved Application Roles Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>GroupsAPI.GetAssignedAppRolesByPersonGUID</li>\r\n <li>GroupsAPI.GetUser</li>\r\n <li>GroupsAPI.OwnersByAppRoleId</li>\r\n <li>GroupsAPI.GetAnonymousInfo</li>\r\n <li>\tGroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID</li>\r\n <li>GroupsAPI.GetGroups</li>\r\n <li>GroupsAPI</li>\r\n <li>GroupsAPI.GetTargetSystemFilterdata</li>\r\n <li>GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId</li>\r\n <li>GroupsAPI.GetSingleOrgRole</li>\r\n <li>\tGroupsAPI.ApproversByAppRoleId</li>\r\n <li>GroupsAPI.CheckAssignmentStatus</li>\r\n <li>\tGroupsAPI.GetOwnersAndApprovers</li>\r\n <li>GroupsAPI.GetUserGroups</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Application-Role-Base
Feature Set (UI)
Grants the minimal access needed to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"User Interface Controls","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access for the following controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-ApplicationRoles-ManageAccessAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application Roles Name Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-ApplicationRoles-RequestAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-TimeConstrainedApplicationRoles-Control"}]}]}]},{"type":"paragraph","content":[]}]},"icon":"material-design/Monitor"},{"label":"Pages and Reports","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer","marks":[{"type":"strong"}]},{"type":"text","text":" access for the following pages and reports:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application Roles Page (ITShop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":"font-awesome/RegNewspaper"},{"label":"Web Services","id":"a5il0ayzg","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Executor ","marks":[{"type":"strong"}]},{"type":"text","text":"access for the following web services:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.GetUserGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CartSubmissionAPI.ProcessGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CartSubmissionAPI"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CartSubmissionAPI.GetUserGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"MscGlobalConfig.GetMultipleConfigSettings"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetOwnersAndApprovers"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetUser"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetSingleOrgRole"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetTargetSystemFilterdata"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"MscUtility.ListItemsBySetName"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.CheckAssignmentStatus"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetUserGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetAssignedAppRolesByPersonGUID"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"MscPerson.GetPhoto"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.ApproversByAppRoleId"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.OwnersByAppRoleId"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"GroupsAPI.GetAnonymousInfo"}]}]}]},{"type":"paragraph","content":[]}]},"icon":"material-design/MiscellaneousServices"}]
UI-IT-Shop-MS-Azure-Admin-Role
Feature Set (UI)
Grants access to shop for Azure Admin Directory Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>\tAzure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Admin Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetSingleAzureAdminRole</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI.GetAzureAdminRoles</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Azure-License
Feature Set (UI)
Grants access to shop for Azure Licenses in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>\tAzureLicenseBundleAPI.GetTenantSubscriptionServices</li>\r\n <li>AzureLicenseBundleAPI</li>\r\n <li>AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId</li>\r\n <li>\tAzureLicenseBundleAPI.GetSinglee</li>\r\n <li>\tAzureLicenseBundleAPI.GetAllAzLocalServiceBundles</li>\r\n <li>AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzLicensePool</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems</li>\r\n <li>\tAzureLicenseBundleAPI.CheckAssignmentStatus</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Azure-RBAC-Role
Feature Set (UI)
Grants access to shop for Azure RBAC Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Business-Role
Feature Set (UI)
Grants access to shop for Business Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Common
Feature Set (UI)
Grants access for common/shared UI and APIs used by the IAM Shop. The role specifically grants access to the following applications, user interface controls, and web services:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following user interface controls:</p>\r\n <ul>\r\n <li>Manage Access Workflow Id Attribute Control (IT Shop)</li>\r\n <li>Resource's Access Request Policy Control (IT Shop)</li>\r\n <li>ITShop-ShowManageAccessFiltersBar-Control</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>ITShop Workflow Tab Control</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Show Cart Approver Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Cart Due Date Control (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>MscPerson.GetSearch</li>\r\n <li>CartSubmissionAPI.GetAnonymousInfo</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.DefaultApprover</li>\r\n <li>MscPerson.GetPersonByGUID</li>\r\n <li>MscProtectedApplication.GetTargetSystemFilterData</li>\r\n <li>CartSubmissionAPI.GetUserGroups</li>\r\n <li>MscPerson.GetPhoto</li>\r\n <li>LocalizationAPI</li>\r\n <li>MscLocalization.AvailableLanguages</li>\r\n <li>CartSubmissionAPI.BusinessRequestTypes</li>\r\n <li>CartSubmissionAPI.ProcessAzureAdminRoles</li>\r\n <li>CartSubmissionAPI.ProcessGroups</li>\r\n <li>CartSubmissionAPI.GetUser</li>\r\n <li>CartSubmissionAPI.ProcessOrgRoles</li>\r\n <li>CartSubmissionAPI.SuggestedApprovers</li>\r\n <li>MscLocalization.GetByResourceSet</li>\r\n <li>CartSubmissionAPI</li>\r\n <li>MscGlobalConfig.GetConfigSetting</li>\r\n <li>CartSubmissionAPI.ProcessLicenseBundles</li>\r\n <li>CartSubmissionAPI.ProcessManagementRoles</li>\r\n <li>CartSubmissionAPI.GetCartItemResults</li>\r\n <li>MscProtectedApplication.GetChildren</li>\r\n <li>LocalizationAPI.CountryHelpText</li>\r\n <li>MscProtectedApplication.AllowedSsoApplications</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Computer
Feature Set (UI)
Grants access to shop for access to servers in the IAM Shop microservice app. . The role specifically grants access to the following user interface controls, pages and reports, and workflows:
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Control (User Interface)","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants Viewer access to the following user interface controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Advanced Search Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-TimeConstrainedComputers-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Environment Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ComputerCapability Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Computers-RequestAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Computer Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computer Operating System Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Manage Access Business Request Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Computers-LoginAccess-ManageAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-PreApprovedComputers-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop WhoConnected Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Computers-SessionHistory-ManageAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Computers-Membership-ManageAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Computers-ManageAccessAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Active Sessions Filter (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Infrastructure (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Login Session History Computers Filter (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Computers-Workflow-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Instance Type Control (IT Shop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Pages and Reports","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer","marks":[{"type":"strong"}]},{"type":"text","text":" access to the following pages and reports:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers PSM Sessions Recordings Page (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Computers Page (ITShop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Workflows","id":"l9gkqmb8z","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Initiator","marks":[{"type":"strong"}]},{"type":"text","text":" access to the following workflows:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"OnboardAccount"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Just in Time Admin Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Open PSM Session WF"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManageCredentialWizard"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"OnboardCredential"}]}]}]},{"type":"paragraph","content":[]}]}}]
UI-IT-Shop-MS-Full-Access
Feature Set (UI)
Grants access to all Item Types and UI in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services and workflows:
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fourth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab4\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fifth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab5\" type=\"button\" role=\"tab\">Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>EmpowerID Web</li>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Management Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Domains Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Shared Folders Advanced Search Control (IT Shop)</li>\r\n <li>Mailboxes Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Business Roles Parent Business Role Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Credentials Advance Search Control IT Shop</li>\r\n <li>Management Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Functions Control (IT Shop)</li>\r\n <li>Management Roles Type Friendly Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Business Roles Role Approvers Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Computers Advanced Search Control (IT Shop)</li>\r\n <li>Management Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles TCode Control (IT Shop)</li>\r\n <li>Business Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n \r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Business Roles Page (ITShop)</li>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n <li>Azure Rbac Roles Page (ITShop)</li>\r\n <li>Application Roles Page (ITShop)</li>\r\n <li>Azure Admin Roles Page (ITShop)</li>\r\n <li>Management Roles Page (ITShop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab4\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>AllRbacObjects</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab5\" role=\"tabpanel\">\r\n <p>Grants <b>Initiator</b> access for the following workflows:</p>\r\n <ul>\r\n <li>UpdatePersonManagementRoles</li>\r\n <li>UpdatePersonBusinessRoles</li>\r\n <li>UpdatePersonDirectAssignment</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
UI-IT-Shop-MS-Mailbox
Feature Set (UI)
Grants access to shop for access to Office 365 Mailboxes in the IAM Shop microservice app. The role specifically grants access to the following user interface controls and pages and reports:
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Controls (User Interface)","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants Viewer access to the following user interface controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-PreApprovedMailboxes-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Mailboxes-RequestAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-TimeConstrainedMailboxes-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Manage Access Business Request Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Mailboxes Advanced Search Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Mailboxes-ManageAccessAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Mailboxes Mailbox Type Control (IT Shop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Pages and Reports","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer","marks":[{"type":"strong"}]},{"type":"text","text":" access to the following pages and reports:”"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Mail Boxes Page (ITShop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""}]
UI-IT-Shop-MS-Management-Role
Feature Set (UI)
Grants access to shop for EmpowerID Management Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services, and workflows:
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Controls (User Interface)","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following user interface controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Type Friendly Name Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Suggested Management Roles Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-ManagementRoles-ManageAccessAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-DirectAssignedManagementRoles-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"TCodes Grid Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Applications Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-TimeConstrainedManagementRoles-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Manage Access Business Request Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Business Functions Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Suggested Management Roles Grid Control IT Shop"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Pre-Approved Management Roles Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles TCode Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-ManagementRoles-RequestAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Name Attribute Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Advanced Search Control (IT Shop)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Owners Attribute Control (IT Shop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Pages and Reports","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following pages and reports:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Roles Page (ITShop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Web Services","id":"8x57jhlr2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Executor ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following Web services:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManagementRolesAPI.GetManagementRoles"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManagementRolesAPI.CheckAssignmentStatus"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManagementRolesAPI.GetAllAssigned"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManagementRolesAPI"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ManagementRolesAPI.GetSingleManagementRole"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"Workflows","id":"19m6jbj7f","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Initiator","marks":[{"type":"strong"}]},{"type":"text","text":" Access for the following workflows:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"AddPersonToManagementRoleWF"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"AddPersonToPreapprovedResourceWF"}]}]}]},{"type":"paragraph","content":[]}]}}]
UI-IT-Shop-MS-Risk
Feature Set (UI)
Grants access to view and interact with Risks in the IAM Shop microservice app. The role specifically grants access to the following user interface controls and web services:
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Controls (User Interface)","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following user interface controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Local Sensitive Functions Grid Control (IT Shop)"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Web Services","id":"8x57jhlr2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Executor ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following Web services:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.GetUser"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.GetAssigneesForOrgRoleType"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.GetUserGroups"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.ExecuteMethod"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.CheckForSOD"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CheckForSODAPI.GetAnonymousInfo"}]}]}]},{"type":"paragraph","content":[]}]}}]
UI-IT-Shop-MS-Shared-Credential
Feature Set (UI)
Grants access to shop for Shared Credentials in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: 
 Tabs macro
defaultColor#42526e
activeColor#0052CC
width30
hoverColor#0065FF
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"Controls (User Interface)","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following user interface controls:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Credentials Show Pre Approved Filter Control IT Shop"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Credentials-RequestAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Credentials-ManageCredentials-ManageAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-TimeConstrainedCredentials-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-ExpiringCredentials-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-Credentials-History-ManageAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop-DirectAssignedCredentials-Control"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITSHOP-Credentials-ManageAccessAccess"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Credentials Advance Search Control IT Shop"}]}]}]},{"type":"paragraph","content":[]}]},"icon":""},{"label":"Pages and Reports","id":"8x57jhlr2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Viewer ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following pages and reports:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ITShop Computers Page"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"Workflows","id":"ee9o3h0xn","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"Grants "},{"type":"text","text":"Initiator ","marks":[{"type":"strong"}]},{"type":"text","text":"access to the following workflows:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Check-Out Credential"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Check-In Credential"}]}]}]},{"type":"paragraph","content":[]}]}}]
VIS-IT-Shop-MS-API 
Visibility (VIS)
Grants access to the base web services required by all users of the IAM Shop Microservice. The role specifically grants access to the following web services:
  • BusinessLocationsAPI.GetUserGroups
  • BusinessLocationsAPI.GetUser
  • BusinessLocationsAPI.GetEligibleLocation
  • ComputersAPI.GetAllAssignedComputers
  • AzureRolesAPI.CheckAssignmentStatus
  • MscAccessRequestPolicy.GetByResourceID
  • AzureRolesAPI.GetAllAssigned
  • BusinessLocationsAPI.GetChildren
  • MscPerson.GetPhoto
  • MscResourceAccessRequestAssignee.GetByResourceIdForAssignee
  • MscUIAction.GetByResourceID
  • MscUtility.ListItemsBySetName
  • ExternalCredentialsAPI.GetAllExternalCredentials
  • ExternalCredentialsAPI.ValidateMasterPassword
  • MscRenewableAssignment.IsRenewableAssignment
  • MscExternalCredential.DeleteCredential
  • MscExternalCredential.DeleteCredential
  • ComputersAPI.GetComputersForLoginSessionAccess
  • BusinessRolesAPI.GetAnonymousInfo
  • GroupsAPI.GetGroups
  • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID
  • GroupsAPI.GetAssignedAppRolesByPersonGUID
  • CartSubmissionAPI
  • CartSubmissionAPI.ProcessOrgRoles
  • GroupsAPI.GetTargetSystemFilterdata
  • CartSubmissionAPI.ProcessLicenseBundles
  • AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId
  • ManagementRolesAPI.GetManagementRoles
  • AzureRolesAPI.GetSingleAzureAdminRole
  • GroupsAPI.GetOwnersAndApprovers
  • MscGlobalConfig.GetConfigSetting
  • MscPerson.PeopleToSetAsDelegate
  • ManagementRolesAPI.OwnersByManagementRoleId
  • SharedFoldersAPI.GetSingleSharedFolder
  • SharedFoldersAPI.GetAllAssignedSharedFolders
  • MailBoxesAPI.GetAllAssignedMailBoxes
  • ProtectedApplicationsAPI.GetOwnersOrDeputies
  • SharepointAPI.GetAllWebSites
  • ComputersAPI.GetComputerOperatingSystemTypes
  • MscUtility.ListMethodSignatures
  • MscExternalCredential.CheckOutCredential
  • MscUtility.GetAdditionalDynamicProperties
  • BusinessRolesAPI.GetUserGroups
  • BusinessRolesAPI.GetUser
  • GroupsAPI.GetUser
  • BusinessLocationsAPI.GetAnonymousInfo
  • BusinessFunctionsAPI.GetAnonymousInfo
  • BusinessFunctionsAPI.GetUser
  • BusinessLocationsAPI.GetOrgZoneTypes
  • BusinessRolesAPI.ExecuteMethod
  • CheckForSODAPI
  • CheckForSODAPI.CheckForSOD
  • GroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID
  • GroupsAPI.GetSingleOrgRole
  • CartSubmissionAPI.GetAnonymousInfo
  • All ITShop WebServices
  • CheckForSODAPI.GetAssigneesForOrgRoleType
  • AzureLicenseBundleAPI
  • AzureLicenseReportAPI.getReportByReportID
  • ManagementRolesAPI
  • ManagementRolesAPI.GetAllAssigned
  • ManagementRolesAPI.CheckAssignmentStatus
  • CartSubmissionAPI.ProcessAzureAdminRoles
  • AzureLicenseBundleAPI.GetTenantSubscriptionServices
  • LocalizationAPI.CountryHelpText
  • GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId
  • GroupsAPI.OwnersByAppRoleId
  • BusinessFunctionsAPI.LocalFunctionsByAppRole
  • BusinessFunctionsAPI.LocalFunctionsByOrgRoleOrgZone
  • BusinessRolesAPI.OwnersByRoleId
  • BusinessRolesAPI.ApproversByRoleId
  • MscProtectedApplication.GetChildren
  • MscProtectedApplication.AllowedSsoApplications
  • MscPerson.PeopleToSetAsApprover
  • GroupsAPI.GetAssignedMembershipByAssigneeId
  • MailBoxesAPI.GetAllMailBoxTypes
  • MailBoxesAPI.GetAllMailBoxes
  • MscAccessRequestPolicy.GetAll
  • ComputersAPI.GetAllComputers
  • ComputersAPI.GetSingleComputer
  • ManagementRolesAPI.GetAllAssignedByOrgRoleOrgZoneId
  • MscBusinessRequestItem.GetByAssigneeIdResourceId
  • MscUIAction.GetByNounVerb
  • ExternalCredentialsAPI.GetCheckedOutByComputerIdPersonId
  • ManagementRolesAPI.GetAllAssignedByManagementRoleId
  • ProtectedApplicationsAPI.GetAllAssignedProtectedApplications
  • ComputersAPI.GetComputerPlatformTypes
  • ExternalCredentialsAPI.GetAllAssignedExternalCredentials
  • ExternalCredentialsAPI.GetExternalCredentialProxy
  • MscExternalCredential.GetExternalCredentialProxy
  • ResourceTag
  • BusinessRolesAPI
  • BusinessRolesAPI.GetOrgRole
  • BusinessRolesAPI.GetOrgRoles
  • GroupsAPI
  • GroupsAPI.GetAnonymousInfo
  • GroupsAPI.GetUserGroups
  • BusinessLocationsAPI
  • BusinessLocationsAPI.GetChildrenByOrgZoneGUID
  • BusinessFunctionsAPI
  • BusinessFunctionsAPI.GetUserGroups
  • BusinessFunctionsAPI.GetFunctions
  • BusinessLocationsAPI.ExecuteMethod
  • BusinessLocationsAPI.Search
  • BusinessLocationsAPI.GetOrgZonesByOrgZoneType
  • BusinessRolesAPI.GetApplicationRoleTemplates
  • LocalizationAPI
  • CheckForSODAPI.GetAnonymousInfo
  • CheckForSODAPI.GetUserGroups
  • CheckForSODAPI.GetUser
  • CheckForSODAPI.ExecuteMethod
  • BusinessRolesAPI.GetSingleOrgRole
  • BusinessRolesAPI.CheckAssignmentStatus
  • GroupsAPI.CheckAssignmentStatus
  • CartSubmissionAPI.GetUserGroups
  • CartSubmissionAPI.GetUser
  • CartSubmissionAPI.SubmitCart
  • CartSubmissionAPI.ProcessGroups
  • CartSubmissionAPI.ProcessManagementRoles
  • CartSubmissionAPI.GetCartItemResults
  • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID
  • AzureLicenseBundleAPI.GetSingle
  • AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId
  • AzureLicenseBundleAPI.CheckAssignmentStatus
  • AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems
  • AzureLicenseBundleAPI.GetAllAzLocalServiceBundles
  • AzureLicenseBundleAPI.GetAllAzLicensePool
  • ManagementRolesAPI.GetSingleManagementRole
  • AzureRolesAPI
  • AzureRolesAPI.GetAzureAdminRoles
  • AzureRolesAPI.GetAzureRbacRoles
  • GroupsAPI.ApproversByAppRoleId
  • BusinessFunctionsAPI.LocalFunctionsByOrgRole
  • BusinessFunctionsAPI.GlobalFunctionsByOrgRole
  • BusinessRolesAPI.GetOwnersAndApprovers
  • AzureRolesAPI.GetAdTree
  • AzureRolesAPI.GetRoleTypes
  • AzureRolesAPI.GetSingleAzureRole
  • MscLocalization.GetByResourceSet
  • MscLocalization.AvailableLanguages
  • MscPerson.GetPersonByGUID
  • AccessRequestPolicyView
  • MscProtectedApplication.GetTargetSystemFilterData
  • CartSubmissionAPI.SuggestedApprovers
  • CartSubmissionAPI.DefaultApprover
  • BusinessFunctionsAPI.LocalRightsByAssigneeId
  • BusinessFunctionsAPI.LocalFunctionsByRole
  • GroupsAPI.GetSuggestedAppRolesByAssigneeId
  • MscProtectedApplication.SearchApplications
  • MscProtectedApplication.LinkedApplications
  • SharedFoldersAPI.GetAllSharedFolders
  • MscResourceTypeRole.GetByResourceId
  • ManagementRolesAPI.GetSuggestedManagementRolesByAssigneeId
  • MscPerson.OwnersByResourceId
  • BusinessFunctionsAPI.LocalFunctionsByAssignee
  • MailBoxesAPI.GetSingleMailBox
  • ProtectedApplicationsAPI.GetAllProtectedApplications
  • ProtectedApplicationsAPI.GetSingleProtectedApplication
  • ProtectedApplicationsAPI.GetSupportedResourceTypes
  • MscUIAction.GetByNoun
  • AzureRolesAPI.AzureRoleMembers
  • ProtectedApplicationsAPI.GetAllAzureApplications
  • ExternalCredentialsAPI.GetByComputerId
  • ExternalCredentialsAPI.GetCheckedOutByPersonId
  • ExternalCredentialsAPI.GetCheckedOutRecords
  • ExternalCredentialsAPI.CheckInCredential
  • SharepointAPI.GetSingleWebSite
  • ProtectedApplicationsAPI.GetSingleAzureApplication
  • ComputersAPI.GetITEnvironmentTypes
  • ComputersAPI.GetComputerRequestableDetailOptions
  • ExternalCredentialsAPI.GetSingleExternalCredential
  • MscExternalCredential.CheckInCredential
  • MscExternalCredential.ValidateMasterPassword
  • ComputersAPI.GetLoginSessionHistoryDetails
  • ComputersAPI.GetLoginSessionHistory
IAM Shop, My Tasks, and My Identity Self-Service Full Access
Role Bundle
Grants full access for using the IAM Shop, My Tasks, My Identity microservices. 
The Role Bundle – Contains the below Management Roles:
  • ACT-Person-Delegate-All
  • ACT-Person-SetAsApprover-All
  • UI-IT-Shop-MS-Azure-Admin-Role
  • UI-IT-Shop-MS-Computer
  • UI-MyTasks-Participant-Full
  • UI-IT-Shop-MS-Management-Role
  • UI-IT-Shop-MS-Azure-License
  • UI-MyIdentity-PermanentDelegations
  • UI-MyIdentity-EmailNotification-Settings
  • UI-IT-Shop-MS-Business-Role
  • UI-IT-Shop-MS-Shared-Folder
  • UI-IT-Shop-MS-Application-Role
  • UI-IT-Shop-MS-Mailbox
  • UI-MyIdentity-Full
  • UI-IT-Shop-MS-Common
  • UI-IT-Shop-MS-Risk
  • VIS-Application-All
  • VIS-Location-MyLocationsAndBelow
  • VIS-Person-MyOrg
  • VIS-IT-Shop-MS-API
  • VIS-Computer-All
  • VIS-Management-Role-All
  • VIS-AzLocalRole-All
  • VIS-Mailbox-All
  • VIS-Groups-All
  • VIS-BusinessRequestType-All
  • VIS-MyTasks-MS-API
  • VIS-MyIdentity-MS-API
  • VIS-Location-All-BusinessStructure
  • VIS-AzGlobalFunction-All
  • VIS-Shared-Credential-All
  • VIS-AzLocalFunction-All
  • UI-IT-Shop-MS-Azure-RBAC-Role
  • VIS-License-Pool-All
  • VIS-OrgRoleOrgZone-ALL
 Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue