Versions Compared

Old Version 7

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID restricts access to the IT IAM Shop through the use of Management Roles. To access the IT IAM Shop, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for Password Manager is UI-Person-Password-Self-Service. This role grants users access to the user interfaces and workflows for enrolling for self-service password reset and changing their own passwords.

  • VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for Password Manager is VIS-Person-Self. All users have this Management Role by default.

  • ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for Password Manager is ACT-Password-Self-Service. This role grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operations.

...

Roles needed to shop in the IAM Shop

To shop for eligible resources in the IT IAM Shop, users need to have one or more of the below Management Role assignments (based on the needed scope):

VIS-IT-SHOP-MS-API

Grants visibility to the base Web services required by all users of the IT Shop microservice.

Web Service Access

Executor Access Level for the following Web services:

  • BusinessFunctionsAPI

  • BusinessFunctionsAPI.GetChildrenByOrgZoneType

  • BusinessFunctionsAPI.GetOrgZonesByOrgZoneTypeTypes

  • BusinessLocationsAPI.GetOrgZoneTypes

  • BusinessLocationsAPI.Search

  • BusinessRolesAPI

  • BusinessRolesAPI.CheckAssignmentStatus

  • BusinessRolesAPI.GetApplicationRoleTemplates

  • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID

  • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID

  • BusinessRolesAPI.GetOrgRole

  • BusinessRolesAPI.GetOrgRoles

  • BusinessRolesAPI.GetSingleOrgRole

  • CartSubmissionAPI

  • CartSubmissionAPI.SubmitCart

  • CheckForSODAPI

  • CheckForSODAPI.GetAssigneesForOrgRoleType

  • GlobalSettingsAPI

  • GlobalSettingsAPI.GetConfigSetting

  • GroupsAPI

  • GroupsAPI.CheckAssignmentStatus

  • GroupsAPI.GetAssignedAppRolesByPersonGUID

  • GroupsAPI.GetAssignedMembershipByOrgRolesOrgZoneID

  • GroupsAPI.GetGroups

  • GroupsAPI.GetSingleOrgRole

  • GroupsAPI.GetTargetSystemsFilterdata

  • LocalizationAPI

  • LocalizationAPI.CountryHelpText

  • LocalizationAPI.GetByResourceSet

  • ProtectedAppResourceAPI

  • ProtectedAppResourceAPI.AlllowedSsoApplications

    • ProtectedAppResourceAPI.GetChildrenByProtectedApplicationACT

    Management Role

    Description

    Role Type

    Description

    UI-PersonIT-PasswordShop-Self-Service

    Grants users access to change password, enroll and other password self-service operations.

    Activity

    UI-Person-Password-Self-Service

    Grants access to change password, enroll and other password self-service workflows and user interfaces.

    Feature Set

    IT Shop, My Tasks, and My Identity Self-Service Full Access

    Grants full access for using the IT Shop, My Tasks, My Identity microservices

    Role Bundle – Contains the below Management Roles

    Dropdown macro
    hardcodeWidth274
    backgroundColor#0052CC
    activeColor#ffffff
    width43
    hoverColor#00a2e0
    tabTypeno-icon
    alignmentleft
    [{"label":"View Management Roles","id":"1","content":{"version":1,"type":"doc","content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ACT-Person-Delegate-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ACT-Person-SetAsApprover-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-Admin-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Computer"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyTasks-Participant-Full"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Management-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-License"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-PermanentDelegations"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-EmailNotification-Settings"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Business-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Shared-Folder"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Application-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Mailbox"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-MyIdentity-Full"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Common"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Risk"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Application-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Location-MyLocationsAndBelow"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Person-MyOrg"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-IT-Shop-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Computer-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Management-Role-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzLocalRole-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Mailbox-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Groups-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-BusinessRequestType-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-MyTasks-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-MyIdentity-MS-API"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Location-All-BusinessStructure"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzGlobalFunction-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-Shared-Credential-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-AzLocalFunction-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-MS-Azure-RBAC-Role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"VIS-License-Pool-All"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Vis-OrgRoleOrgZone-ALL"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"New Dropdown","id":"hldtnlo1o","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"test test test"}]}]},"icon":"font-awesome/RegImage"}]

    Management Role

    Access Granted by Management Role

    UI-IT-Shop-MS-Full-Access

    Inherits the below Access Levels from the parent Management Role Definition:

    Workflow Access

    Initiator Access Level for following workflows:

    • UpdatePersonDirectAssignment

    • UpdatePersonBusinessRoles

    Control (User Interface) Access

    Viewer Access Level for the following controls:

    • Application Process Control

    • Business Roles TCode Control

    • Business Roles Owners Attribute Control

    • Business Roles Advanced Search Control

    • Business Roles Role Approvers Attribute Control

    • Application Roles Resource System Attribute Control

    • Business Roles Name Attribute Control

    • Target System Control

    • Application Roles TCode Control

    • Application Roles Advanced Search Control

    • Shop for Target Person Control

    • Business Functions Control

    • Business Roles Parent Business Roles Attribute Control

    • Application Roles Owners Attribute Control

    • Application Roles High Level Classification Attribute Control

    • Business Domains Control

    • Business Roles High Level Classification Attribute Control

    • Application Roles Name Attribute Name

     Application Access

    Viewer Access Level for the following applications:

    • IT Shop Microservice App

    • EmpowerID Web

    Web Service Access

    Executor Access Level for the following Web services:

    • All ITShop WebServices

    • AllRbacObjects

    • CartSubmissinoAPI.SubmitCart

     Pages and Reports Access

    Viewer Access Level for the following pages and reports:

    • Groups Page (IT Shop)

    • Business Roles Page (IT Shop)

     

    MS-Application

    Feature Set (Ui)

    Grants access to shop for access to Applications in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and workflows:

    Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Applications Grid Control (IT Shop)</li>\r\n <li>ITShop Parsed Html More information text Control</li>\r\n <li>ITShop Show Only Azure Applications Control</li>\r\n <li>Create Azure Application Workflow Control (IT Shop)</li>\r\n <li>ITShop-PreApprovedApplications-Control</li>\r\n <li>ITShop-TimeConstrainedApplications-Control</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Initiator</b> access for the following workflows:</p>\r\n <ul>\r\n <li>CreateAzureApplication</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Application Role
    Feature Set (UI)
    Grants access to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>TCodes Grid Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Application Roles Business Functions Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Roles Applications Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Pre-Approved Application Roles Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>GroupsAPI.GetAssignedAppRolesByPersonGUID</li>\r\n <li>GroupsAPI.GetUser</li>\r\n <li>GroupsAPI.OwnersByAppRoleId</li>\r\n <li>GroupsAPI.GetAnonymousInfo</li>\r\n <li>\tGroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID</li>\r\n <li>GroupsAPI.GetGroups</li>\r\n <li>GroupsAPI</li>\r\n <li>GroupsAPI.GetTargetSystemFilterdata</li>\r\n <li>GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId</li>\r\n <li>GroupsAPI.GetSingleOrgRole</li>\r\n <li>\tGroupsAPI.ApproversByAppRoleId</li>\r\n <li>GroupsAPI.CheckAssignmentStatus</li>\r\n <li>\tGroupsAPI.GetOwnersAndApprovers</li>\r\n <li>GroupsAPI.GetUserGroups</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Azure-Admin-Role
    Feature Set (UI)
    Grants access to shop for Azure Admin Directory Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>\tAzure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Admin Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetSingleAzureAdminRole</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI.GetAzureAdminRoles</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Azure-License
    Feature Set (UI)
    Grants access to shop for Azure Licenses in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>\tAzureLicenseBundleAPI.GetTenantSubscriptionServices</li>\r\n <li>AzureLicenseBundleAPI</li>\r\n <li>AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId</li>\r\n <li>\tAzureLicenseBundleAPI.GetSinglee</li>\r\n <li>\tAzureLicenseBundleAPI.GetAllAzLocalServiceBundles</li>\r\n <li>AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzLicensePool</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems</li>\r\n <li>\tAzureLicenseBundleAPI.CheckAssignmentStatus</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Azure-RBAC-Role
    Feature Set (UI)
    Grants access to shop for Azure RBAC Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Business-Role
    Feature Set (UI)
    Grants access to shop for Business Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Common
    Feature Set (UI)
    Grants access for common/shared UI and APIs used by the IAM Shop. The role specifically grants access to the following applications, user interface controls, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following user interface controls:</p>\r\n <ul>\r\n <li>Manage Access Workflow Id Attribute Control (IT Shop)</li>\r\n <li>Resource's Access Request Policy Control (IT Shop)</li>\r\n <li>ITShop-ShowManageAccessFiltersBar-Control</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>ITShop Workflow Tab Control</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Show Cart Approver Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Cart Due Date Control (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>MscPerson.GetSearch</li>\r\n <li>CartSubmissionAPI.GetAnonymousInfo</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.DefaultApprover</li>\r\n <li>MscPerson.GetPersonByGUID</li>\r\n <li>MscProtectedApplication.GetTargetSystemFilterData</li>\r\n <li>CartSubmissionAPI.GetUserGroups</li>\r\n <li>MscPerson.GetPhoto</li>\r\n <li>LocalizationAPI</li>\r\n <li>MscLocalization.AvailableLanguages</li>\r\n <li>CartSubmissionAPI.BusinessRequestTypes</li>\r\n <li>CartSubmissionAPI.ProcessAzureAdminRoles</li>\r\n <li>CartSubmissionAPI.ProcessGroups</li>\r\n <li>CartSubmissionAPI.GetUser</li>\r\n <li>CartSubmissionAPI.ProcessOrgRoles</li>\r\n <li>CartSubmissionAPI.SuggestedApprovers</li>\r\n <li>MscLocalization.GetByResourceSet</li>\r\n <li>CartSubmissionAPI</li>\r\n <li>MscGlobalConfig.GetConfigSetting</li>\r\n <li>CartSubmissionAPI.ProcessLicenseBundles</li>\r\n <li>CartSubmissionAPI.ProcessManagementRoles</li>\r\n <li>CartSubmissionAPI.GetCartItemResults</li>\r\n <li>MscProtectedApplication.GetChildren</li>\r\n <li>LocalizationAPI.CountryHelpText</li>\r\n <li>MscProtectedApplication.AllowedSsoApplications</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Full-Access
    Feature Set (UI)
    Grants access to all Item Types and UI in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services and workflows:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fourth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab4\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fifth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab5\" type=\"button\" role=\"tab\">Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>EmpowerID Web</li>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Management Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Domains Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Shared Folders Advanced Search Control (IT Shop)</li>\r\n <li>Mailboxes Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Business Roles Parent Business Role Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Credentials Advance Search Control IT Shop</li>\r\n <li>Management Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Functions Control (IT Shop)</li>\r\n <li>Management Roles Type Friendly Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Business Roles Role Approvers Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Computers Advanced Search Control (IT Shop)</li>\r\n <li>Management Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles TCode Control (IT Shop)</li>\r\n <li>Business Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n \r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Business Roles Page (ITShop)</li>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n <li>Azure Rbac Roles Page (ITShop)</li>\r\n <li>Application Roles Page (ITShop)</li>\r\n <li>Azure Admin Roles Page (ITShop)</li>\r\n <li>Management Roles Page (ITShop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab4\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>AllRbacObjects</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab5\" role=\"tabpanel\">\r\n <p>Grants <b>Initiator</b> access for the following workflows:</p>\r\n <ul>\r\n <li>UpdatePersonManagementRoles</li>\r\n <li>UpdatePersonBusinessRoles</li>\r\n <li>UpdatePersonDirectAssignment</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    VIS-IT-Shop-MS-API 
    Visibility (VIS)
    Grants access to the base web services required by all users of the IAM Shop Microservice. The role specifically grants access to the following web services:
    • BusinessLocationsAPI.GetUserGroups
    • BusinessLocationsAPI.GetUser
    • BusinessLocationsAPI.GetEligibleLocation
    • ComputersAPI.GetAllAssignedComputers
    • AzureRolesAPI.CheckAssignmentStatus
    • MscAccessRequestPolicy.GetByResourceID
    • AzureRolesAPI.GetAllAssigned
    • BusinessLocationsAPI.GetChildren
    • MscPerson.GetPhoto
    • MscResourceAccessRequestAssignee.GetByResourceIdForAssignee
    • MscUIAction.GetByResourceID
    • MscUtility.ListItemsBySetName
    • ExternalCredentialsAPI.GetAllExternalCredentials
    • ExternalCredentialsAPI.ValidateMasterPassword
    • MscRenewableAssignment.IsRenewableAssignment
    • MscExternalCredential.DeleteCredential
    • MscExternalCredential.DeleteCredential
    • ComputersAPI.GetComputersForLoginSessionAccess
    • BusinessRolesAPI.GetAnonymousInfo
    • GroupsAPI.GetGroups
    • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID
    • GroupsAPI.GetAssignedAppRolesByPersonGUID
    • CartSubmissionAPI
    • CartSubmissionAPI.ProcessOrgRoles
    • GroupsAPI.GetTargetSystemFilterdata
    • CartSubmissionAPI.ProcessLicenseBundles
    • AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId
    • ManagementRolesAPI.GetManagementRoles
    • AzureRolesAPI.GetSingleAzureAdminRole
    • GroupsAPI.GetOwnersAndApprovers
    • MscGlobalConfig.GetConfigSetting
    • MscPerson.PeopleToSetAsDelegate
    • ManagementRolesAPI.OwnersByManagementRoleId
    • SharedFoldersAPI.GetSingleSharedFolder
    • SharedFoldersAPI.GetAllAssignedSharedFolders
    • MailBoxesAPI.GetAllAssignedMailBoxes
    • ProtectedApplicationsAPI.GetOwnersOrDeputies
    • SharepointAPI.GetAllWebSites
    • ComputersAPI.GetComputerOperatingSystemTypes
    • MscUtility.ListMethodSignatures
    • MscExternalCredential.CheckOutCredential
    • MscUtility.GetAdditionalDynamicProperties
    • BusinessRolesAPI.GetUserGroups
    • BusinessRolesAPI.GetUser
    • GroupsAPI.GetUser
    • BusinessLocationsAPI.GetAnonymousInfo
    • BusinessFunctionsAPI.GetAnonymousInfo
    • BusinessFunctionsAPI.GetUser
    • BusinessLocationsAPI.GetOrgZoneTypes
    • BusinessRolesAPI.ExecuteMethod
    • CheckForSODAPI
    • CheckForSODAPI.CheckForSOD
    • GroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID
    • GroupsAPI.GetSingleOrgRole
    • CartSubmissionAPI.GetAnonymousInfo
    • All ITShop WebServices
    • CheckForSODAPI.GetAssigneesForOrgRoleType
    • AzureLicenseBundleAPI
    • AzureLicenseReportAPI.getReportByReportID
    • ManagementRolesAPI
    • ManagementRolesAPI.GetAllAssigned
    • ManagementRolesAPI.CheckAssignmentStatus
    • CartSubmissionAPI.ProcessAzureAdminRoles
    • AzureLicenseBundleAPI.GetTenantSubscriptionServices
    • LocalizationAPI.CountryHelpText
    • GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId
    • GroupsAPI.OwnersByAppRoleId
    • BusinessFunctionsAPI.LocalFunctionsByAppRole
    • BusinessFunctionsAPI.LocalFunctionsByOrgRoleOrgZone
    • BusinessRolesAPI.OwnersByRoleId
    • BusinessRolesAPI.ApproversByRoleId
    • MscProtectedApplication.GetChildren
    • MscProtectedApplication.AllowedSsoApplications
    • MscPerson.PeopleToSetAsApprover
    • GroupsAPI.GetAssignedMembershipByAssigneeId
    • MailBoxesAPI.GetAllMailBoxTypes
    • MailBoxesAPI.GetAllMailBoxes
    • MscAccessRequestPolicy.GetAll
    • ComputersAPI.GetAllComputers
    • ComputersAPI.GetSingleComputer
    • ManagementRolesAPI.GetAllAssignedByOrgRoleOrgZoneId
    • MscBusinessRequestItem.GetByAssigneeIdResourceId
    • MscUIAction.GetByNounVerb
    • ExternalCredentialsAPI.GetCheckedOutByComputerIdPersonId
    • ManagementRolesAPI.GetAllAssignedByManagementRoleId
    • ProtectedApplicationsAPI.GetAllAssignedProtectedApplications
    • ComputersAPI.GetComputerPlatformTypes
    • ExternalCredentialsAPI.GetAllAssignedExternalCredentials
    • ExternalCredentialsAPI.GetExternalCredentialProxy
    • MscExternalCredential.GetExternalCredentialProxy
    • ResourceTag
    • BusinessRolesAPI
    • BusinessRolesAPI.GetOrgRole
    • BusinessRolesAPI.GetOrgRoles
    • GroupsAPI
    • GroupsAPI.GetAnonymousInfo
    • GroupsAPI.GetUserGroups
    • BusinessLocationsAPI
    • BusinessLocationsAPI.GetChildrenByOrgZoneGUID
    • BusinessFunctionsAPI
    • BusinessFunctionsAPI.GetUserGroups
    • BusinessFunctionsAPI.GetFunctions
    • BusinessLocationsAPI.ExecuteMethod
    • BusinessLocationsAPI.Search
    • BusinessLocationsAPI.GetOrgZonesByOrgZoneType
    • BusinessRolesAPI.GetApplicationRoleTemplates
    • LocalizationAPI
    • CheckForSODAPI.GetAnonymousInfo
    • CheckForSODAPI.GetUserGroups
    • CheckForSODAPI.GetUser
    • CheckForSODAPI.ExecuteMethod
    • BusinessRolesAPI.GetSingleOrgRole
    • BusinessRolesAPI.CheckAssignmentStatus
    • GroupsAPI.CheckAssignmentStatus
    • CartSubmissionAPI.GetUserGroups
    • CartSubmissionAPI.GetUser
    • CartSubmissionAPI.SubmitCart
    • CartSubmissionAPI.ProcessGroups
    • CartSubmissionAPI.ProcessManagementRoles
    • CartSubmissionAPI.GetCartItemResults
    • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID
    • AzureLicenseBundleAPI.GetSingle
    • AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId
    • AzureLicenseBundleAPI.CheckAssignmentStatus
    • AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems
    • AzureLicenseBundleAPI.GetAllAzLocalServiceBundles
    • AzureLicenseBundleAPI.GetAllAzLicensePool
    • ManagementRolesAPI.GetSingleManagementRole
    • AzureRolesAPI
    • AzureRolesAPI.GetAzureAdminRoles
    • AzureRolesAPI.GetAzureRbacRoles
    • GroupsAPI.ApproversByAppRoleId
    • BusinessFunctionsAPI.LocalFunctionsByOrgRole
    • BusinessFunctionsAPI.GlobalFunctionsByOrgRole
    • BusinessRolesAPI.GetOwnersAndApprovers
    • AzureRolesAPI.GetAdTree
    • AzureRolesAPI.GetRoleTypes
    • AzureRolesAPI.GetSingleAzureRole
    • MscLocalization.GetByResourceSet
    • MscLocalization.AvailableLanguages
    • MscPerson.GetPersonByGUID
    • AccessRequestPolicyView
    • MscProtectedApplication.GetTargetSystemFilterData
    • CartSubmissionAPI.SuggestedApprovers
    • CartSubmissionAPI.DefaultApprover
    • BusinessFunctionsAPI.LocalRightsByAssigneeId
    • BusinessFunctionsAPI.LocalFunctionsByRole
    • GroupsAPI.GetSuggestedAppRolesByAssigneeId
    • MscProtectedApplication.SearchApplications
    • MscProtectedApplication.LinkedApplications
    • SharedFoldersAPI.GetAllSharedFolders
    • MscResourceTypeRole.GetByResourceId
    • ManagementRolesAPI.GetSuggestedManagementRolesByAssigneeId
    • MscPerson.OwnersByResourceId
    • BusinessFunctionsAPI.LocalFunctionsByAssignee
    • MailBoxesAPI.GetSingleMailBox
    • ProtectedApplicationsAPI.GetAllProtectedApplications
    • ProtectedApplicationsAPI.GetSingleProtectedApplication
    • ProtectedApplicationsAPI.GetSupportedResourceTypes
    • MscUIAction.GetByNoun
    • AzureRolesAPI.AzureRoleMembers
    • ProtectedApplicationsAPI.GetAllAzureApplications
    • ExternalCredentialsAPI.GetByComputerId
    • ExternalCredentialsAPI.GetCheckedOutByPersonId
    • ExternalCredentialsAPI.GetCheckedOutRecords
    • ExternalCredentialsAPI.CheckInCredential
    • SharepointAPI.GetSingleWebSite
    • ProtectedApplicationsAPI.GetSingleAzureApplication
    • ComputersAPI.GetITEnvironmentTypes
    • ComputersAPI.GetComputerRequestableDetailOptions
    • ExternalCredentialsAPI.GetSingleExternalCredential
    • MscExternalCredential.CheckInCredential
    • MscExternalCredential.ValidateMasterPassword
    • ComputersAPI.GetLoginSessionHistoryDetails
    • ComputersAPI.GetLoginSessionHistory
    IAM Shop, My Tasks, and My Identity Self-Service Full Access
    Role Bundle – Contains the below Management Roles:
    • ACT-Person-Delegate-All
    • ACT-Person-SetAsApprover-All
    • UI-IT-Shop-MS-Azure-Admin-Role
    • UI-IT-Shop-MS-Computer
    • UI-MyTasks-Participant-Full
    • UI-IT-Shop-MS-Management-Role
    • UI-IT-Shop-MS-Azure-License
    • UI-MyIdentity-PermanentDelegations
    • UI-MyIdentity-EmailNotification-Settings
    • UI-IT-Shop-MS-Business-Role
    • UI-IT-Shop-MS-Shared-Folder
    • UI-IT-Shop-MS-Application-Role
    • UI-IT-Shop-MS-Mailbox
    • UI-MyIdentity-Full
    • UI-IT-Shop-MS-Common
    • UI-IT-Shop-MS-Risk
    • VIS-Application-All
    • VIS-Location-MyLocationsAndBelow
    • VIS-Person-MyOrg
    • VIS-IT-Shop-MS-API
    • VIS-Computer-All
    • VIS-Management-Role-All
    • VIS-AzLocalRole-All
    • VIS-Mailbox-All
    • VIS-Groups-All
    • VIS-BusinessRequestType-All
    • VIS-MyTasks-MS-API
    • VIS-MyIdentity-MS-API
    • VIS-Location-All-BusinessStructure
    • VIS-AzGlobalFunction-All
    • VIS-Shared-Credential-All
    • VIS-AzLocalFunction-All
    • UI-IT-Shop-MS-Azure-RBAC-Role
    • VIS-License-Pool-All
    • VIS-OrgRoleOrgZone-ALL
    Grants full access for using the IAM Shop, My Tasks, My Identity microservices. 
     Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue