Versions Compared

Old Version 5

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Business Roles typically represent job positions within an organization and are used to bundle and report appropriate compliant access. However, modern organizations are composed of cross-functional teams working on initiatives or projects, and not all access is either job-based or necessarily assigned directly to each Business Role. In EmpowerID, this type of access is commonly bundled into manageable Task-Based RBAC or T-RBAC “activity-based” functional roles known as “Management Roles.” These Management Roles can be designed to grant the bundles of technical roles, entitlements, and permissions in external systems required to complete everyday job duties or tasks. EmpowerID leverages Management Roles extensively for the out-of-the-box granular roles shipped to delegate who may see which user interfaces, objects and perform which actions. These activity-based or task-based roles are broken down into three primary types to segregate the access they grant, allowing them to be easily reused and “composed” into any number of combinations without requiring the creation and maintenance of new roles.

Each Management Role is a child of a Management Role Definition. Management Role Definitions provide a baseline of access that you can use as a starting point for defining the access to resources given to a Management Role. When creating Management Roles from an existing parent definition, each role inherits the Access Level assignments of the parent. Roles can then be scoped with additional assignments as needed.

T-RBAC Management Role Model

EmpowerID leverages Management Roles extensively for the out-of-the-box granular roles shipped to delegate who may see which user interfaces, objects and perform which actions. These activity-based or task-based roles are broken down into three primary types to segregate the access they grant, allowing them to be easily reused and “composed” into any number of combinations without requiring the creation and maintenance of new roles. The below image uses a Venn diagram to visually depict the three types of T-RBAC Management Roles and how they combine to enable task-based access.

Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<article>\r\n <div class=\"cont\">\r\n <h3>About Management Roles</h3>\r\n </div>\r\n <audio controls>\r\n <source src=\"https://docs.empowerid.com/assets/audio/ManagementRoles.wav\" type=\"audio/wav\">\r\n</audio>\r\n \r\n</article>\r\n","javascript":"","css":"@import 'https://fonts.googleapis.com/css?family=Lato';\r\n\r\n\r\nbody {\r\n\t\r\n\tfont-family: 'Lato';\r\n}\r\n\r\narticle{\r\n\tbackground: #343436;\r\n\twidth: 90%;\r\n\ttext-align: center;\r\n\tpadding: 30px 5%;\r\n\tbox-sizing: border-box;\r\n\tbox-shadow: 0 0 21px 0px rgba(0,0,0,0.3);\r\n\tborder-radius: 10px;\r\n\tmargin-left: 20px;\r\n}\r\n\r\n.cont h3{\r\n\tfont-family: 'Lato';\r\n\tfont-size: 25px;\r\n\tmargin: 0 0 10px 0;\r\n\tcolor: #ccc;\r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n}"}
 Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue
Demo using Management Roles in EmpowerID
ManagementRoles.mp4
 Info
Key Takeaways:
  1. Management Roles are needed in modern organizations as not all access needed is job-based. 
  2. Management Roles are derived from Management Role Definitions. A Management Role cannot be the child of another Management Role. 
  3. A Management Role cannot have more than one parent.
 Info
Related Docs Topics:
About Management Roles
 Insert excerptIL:External StylesheetIL:External Stylesheetnopaneltrue
Demo using Management Roles in EmpowerID
ManagementRoles.mp4
 Easy html macro
theme{"label":"solarized_dark","value":"solarized_dark"}
contentByMode{"html":"<!doctype html>\r\n<head>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-KyZXEAg3QhqLMpG8r+8fhAXLRk2vvoC2f3B09zVXn8CA5QIVfZOJ3BCsw2P0p/We\" crossorigin=\"anonymous\">\r\n</head>\r\n<nav aria-label=\"...\">\r\n <ul class=\"pagination justify-content-center\">\r\n <li class=\"page-item\">\r\n <a class=\"page-link\" href=\"https://dotnetworkflow.jira.com/wiki/spaces/EIDIGACore/pages/2387741639/Access+Levels+RBAC\" target=\"_top\"> &laquo; &nbsp;&nbsp;Previous</a>\r\n </li>\r\n <li class=\"page-item active\" aria-current=\"page\">\r\n <span class=\"page-link\">Current</span>\r\n </li>\r\n <li class=\"page-item\">\r\n <a class=\"page-link\" href=\"https://dotnetworkflow.jira.com/wiki/spaces/EIDIGACore/pages/2387741725/T-RBAC\" target=\"_top\"> Next&nbsp;&nbsp; &raquo;</a>\r\n </li>\r\n </ul>\r\n</nav>","javascript":"","css":""}