IAM Shop Permission Levels are EmpowerID constructs that in EmpowerID are designed to represent permissions in native systems for specific resources , such as applications, within native systems, including shared folders, mailboxes, and computers that organizations can configure . These permission levels can be configured by organizations to grant specific permissions against those resources, such as “read-only” to various resources. Examples of this might include setting a "read-only" access level for a shared folder or “local admin” for assigning "local admin" access to a computer.
When users request access from the IAM Shop to a resource that has been configured with IAM Shop Permission Levels, they will have are given the option to choose select a permission level, as shown . This process is demonstrated in the following image below.
In the above imagethis example, the user sees two permission levels for a computer, “Local Admin” and “Domain : "Local Admin" and "Domain Admin.” " Each of these levels is mapped to a specific group on in the native system that grants those permissions in the native systemthe corresponding permissions. For exampleinstance, if a user selects the IAM Shop Permission Level named “Local "Local Admin,” upon approval, " EmpowerID fulfills the request by adding the user to the group granting local admin rights on the computer.
...
EmpowerID includes default IAM Shop Permission Levels for shared folders, computers, and mailboxes that can be used to represent native permissions out of the box. However, you can create your own, naming them whatever makes sense for your custom permission levels with names that suit your environment. Once added to a resource, these custom permission levels will then appear to users shopping for those resources in the IAM Shop. For example, if you create an IAM Shop Permission Level for Computer X named “Power "Power User,” " users will see “Power User” "Power User" as a permission option for Computer X. The key to using IAM Shop Permission Levels effectively is to ensure ensuring they are mapped to the right appropriate objects in the native system that grant those permissions represent in the native systemthe represented permissions. Without proper mapping, IAM Shop Permission Levels are simply merely labeled options.
Macrosuite divider macro | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|