Versions Compared

Old Version 8

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID restricts access to the IT IAM Shop through the use of Management Roles. To access the IT IAM Shop, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for Password Manager is UI-Person-Password-Self-Service. This role grants users access to the user interfaces and workflows for enrolling for self-service password reset and changing their own passwords.

  • VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for Password Manager is VIS-Person-Self. All users have this Management Role by default.

  • ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for Password Manager is ACT-Password-Self-Service. This role grants users access to change passwords, enroll for password self-service reset, and perform other password self-service operations.

Roles needed to shop in the IT Shop

...

Roles needed to shop in the IAM Shop

To shop for eligible resources in the IAM Shop, users need to have one or more of the below Management Role assignments (based on the needed scope):UI-IT-Shop-MS-Azure-Admin-

VIS-IT-SHOP-MS-API

Grants visibility to the base Web services required by all users of the IT Shop microservice.

Web Service Access

Executor Access Level for the following Web services:

  • BusinessFunctionsAPI

  • BusinessFunctionsAPI.GetChildrenByOrgZoneType

  • BusinessFunctionsAPI.GetOrgZonesByOrgZoneTypeTypes

  • BusinessLocationsAPI.GetOrgZoneTypes

  • BusinessLocationsAPI.Search

  • BusinessRolesAPI

  • BusinessRolesAPI.CheckAssignmentStatus

  • BusinessRolesAPI.GetApplicationRoleTemplates

  • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID

  • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID

  • BusinessRolesAPI.GetOrgRole

  • BusinessRolesAPI.GetOrgRoles

  • BusinessRolesAPI.GetSingleOrgRole

  • CartSubmissionAPI

  • CartSubmissionAPI.SubmitCart

  • CheckForSODAPI

  • CheckForSODAPI.GetAssigneesForOrgRoleType

  • GlobalSettingsAPI

  • GlobalSettingsAPI.GetConfigSetting

  • GroupsAPI

  • GroupsAPI.CheckAssignmentStatus

  • GroupsAPI.GetAssignedAppRolesByPersonGUID

  • GroupsAPI.GetAssignedMembershipByOrgRolesOrgZoneID

  • GroupsAPI.GetGroups

  • GroupsAPI.GetSingleOrgRole

  • GroupsAPI.GetTargetSystemsFilterdata

  • LocalizationAPI

  • LocalizationAPI.CountryHelpText

  • LocalizationAPI.GetByResourceSet

  • ProtectedAppResourceAPI

  • ProtectedAppResourceAPI.AlllowedSsoApplications

    • ProtectedAppResourceAPI.GetChildrenByProtectedApplication

    Role Bundle – Contains the below Management Roles:

    • ACT-Person-Delegate-All

    • ACT-Person-SetAsApprover-All

    • UI-IT-Shop-MS-Azure-Admin-Role

    • UI-IT-Shop-MS-Computer

    • UI-MyTasks-Participant-Full

    • UI-IT-Shop-MS-Management-Role

    • UI-IT-Shop-MS-Azure-License

    • UI-MyIdentity-PermanentDelegations

    • UI-MyIdentity-EmailNotification-Settings

    • UI-IT-Shop-MS-Business-Role

    • UI-IT-Shop-MS-Shared-Folder

    • UI-IT-Shop-MS-Application-Role

    • UI-IT-Shop-MS-Mailbox

    • UI-MyIdentity-Full

    • UI-IT-Shop-MS-Common

    • UI-IT-Shop-MS-Risk

    • VIS-Application-All

    • VIS-Location-MyLocationsAndBelow

    • VIS-Person-MyOrg

    • VIS-IT-Shop-MS-API

    • VIS-Computer-All

    • VIS-Management-Role-All

    • VIS-AzLocalRole-All

    • VIS-Mailbox-All

    • VIS-Groups-All

    • VIS-BusinessRequestType-All

    • VIS-MyTasks-MS-API

    • VIS-MyIdentity-MS-API

    • VIS-Location-All-BusinessStructure

    • VIS-AzGlobalFunction-All

    • VIS-Shared-Credential-All

    • VIS-AzLocalFunction-All

    • UI-IT-Shop-MS-Azure-RBAC-Role

    • VIS-License-Pool-All

    • Vis-OrgRoleOrgZone-ALL

    Management Role

    Management Role Type

    DescriptionRole Type

    UI-IT-Shop-MS-Application Role

    Feature Set (Ui)

    Grants access to shop for Application Roles (Groups) access to Applications in the IT IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web servicesworkflows:

    Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service<>Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Target System <li>Applications Grid Control (IT Shop)</li>\r\n <li>TCodes Grid Control (IT Shop)<<li>ITShop Parsed Html More information text Control</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)<<li>ITShop Show Only Azure Applications Control</li>\r\n <li>Application Roles Business Functions <li>Create Azure Application Workflow Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)<<li>ITShop-PreApprovedApplications-Control</li>\r\n <li>Suggested Application Roles Control (IT Shop)<<li>ITShop-TimeConstrainedApplications-Control</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop) </li>ul>\r\n <li>Application Roles Resource System Attribute Control (IT Shop) </li>div>\r\n <li>Application Roles Applications Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li><div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Application Roles High Level Classification Attribute Control Page (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop) </li>ul>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Pre-Approved Application Roles Control (IT Shop)</li>\r\n </ul>\r\\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer<<b>Initiator</b> access for the following pages and reportsworkflows:</p>\r\n <ul>\r\n <li>Application Roles Page (IT Shop)<<li>CreateAzureApplication</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>GroupsAPI.GetAssignedAppRolesByPersonGUID</li>\r\n <li>GroupsAPI.GetUser</li>\r\n <li>GroupsAPI.OwnersByAppRoleId</li>\r\n <li>GroupsAPI.GetAnonymousInfo</li>\r\n <li>\tGroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID</li>\r\n <li>GroupsAPI.GetGroups</li>\r\n <li>GroupsAPI</li>\r\n <li>GroupsAPI.GetTargetSystemFilterdata</li>\r\n <li>GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId</li>\r\n <li>GroupsAPI.GetSingleOrgRole</li>\r\n <li>\tGroupsAPI.ApproversByAppRoleId</li>\r\n <li>GroupsAPI.CheckAssignmentStatus</li>\r\n <li>\tGroupsAPI.GetOwnersAndApprovers</li>\r\n <li>GroupsAPI.GetUserGroups</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}

    Feature Set

    UI-IT-Shop-MS-Azure-Admin-Role

    Grants access to shop for Azure Admin Directory Roles in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:

    Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Application Role
    Feature Set (UI)
    Grants access to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/cssjs/bootstrap.bundle.min.css\" rel=\"stylesheetjs\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjCMrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\">></script>\r\n<link hrefn <ul class=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" roledata-bs-toggle=\"tablistpill\" >\r\n <li classdata-bs-target=\"#tab3\" type=\"nav-itembutton\" role=\"presentationtab\">\>Web Service</button>\r\n <button </li>\r\n</ul>\r\n<div class=\"navtab-link activecontent\" id=\"pills-first-tabtabContent\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button>\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabtabpanel\">User Interface Controls</button>>\r\n <p>Grants <b>Viewer</b> access for the following controls:</li>p>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n <ul>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>TCodes Grid Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\"><li>Application Roles Business Functions Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Roles Applications Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Pre-Approved Application Roles Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show active\" id=\"tab1tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controlspages and reports:</p>\r\n <ul>\r\n <li>\tAzure Admin Roles Role Types Control <li>Application Roles Page (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop) </li>ul>\r\n \r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop) </li>div>\r\n <li>\tAzure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>\tAzure Admin Roles Global Functions Control (ITShop)<<div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>GroupsAPI.GetAssignedAppRolesByPersonGUID</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)<<li>GroupsAPI.GetUser</li>\r\n <<li>GroupsAPI.OwnersByAppRoleId</ul>li>\r\n <<li>GroupsAPI.GetAnonymousInfo</div>li>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p><li>\tGroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID</li>\r\n <li>GroupsAPI.GetGroups</li>\r\n <ul><li>GroupsAPI</li>\r\n <li>Azure Admin Roles Page (IT Shop)<<li>GroupsAPI.GetTargetSystemFilterdata</li>\r\n <<li>GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId</ul>li>\r\n \r\n </div><li>GroupsAPI.GetSingleOrgRole</li>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p><li>\tGroupsAPI.ApproversByAppRoleId</li>\r\n <ul>\r\n <li>AzureRolesAPI<li>GroupsAPI.CheckAssignmentStatus</li>\r\n <li>AzureRolesAPI<li>\tGroupsAPI.GetRoleTypes<GetOwnersAndApprovers</li>\r\n <li>AzureRolesAPI<<li>GroupsAPI.GetUserGroups</li>\r\n <li>AzureRolesAPI.GetAdTree<</li>ul>\r\n <li>AzureRolesAPI.GetSingleAzureAdminRole<</li>div>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI.GetAzureAdminRoles</li>\r\n </ul>\r\n </div>\r\n</div>n</div>","javascript":"","css":""}
    Feature Set
    UI-IT-Shop-MS-Azure-License-Admin-Role
    Feature Set (UI)
    Grants access to shop for Azure LicensesAdmin Directory Roles in the IT IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web 
     Services<
    Service</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n 
     <li>Azure Licenses Tenant Subscription Attribute 
    <li>\tAzure Admin Roles Role Types Control (IT Shop)</li>\r\n 
     <li>Azure Licenses Resource System 
    <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure 
     Licenses Name 
    Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n 
     <li>Azure License Pool 
    <li>\tAzure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n 
     <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Azure Licenses 
    <li>\tAzure Admin Roles Advanced Search Control (IT Shop)</li>\r\n 
     <li>Azure Licenses Licensed Assignee Attribute 
    <li>\tAzure Admin Roles Global Functions Control (
    IT Shop
    ITShop)</li>\r\n <li>Azure 
     Licenses 
    Admin Roles Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Azure 
     Licenses 
    Admin Roles Page (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n 
     <li>\tAzureLicenseBundleAPI
    <li>AzureRolesAPI.
    GetTenantSubscriptionServices<
    CheckAssignmentStatus</li>\r\n 
     <li>AzureLicenseBundleAPI<
    <li>AzureRolesAPI.GetRoleTypes</li>\r\n 
     <li>AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId<
    <li>AzureRolesAPI</li>\r\n 
     <li>\tAzureLicenseBundleAPI
    <li>AzureRolesAPI.
    GetSinglee<
    GetAdTree</li>\r\n 
     <li>\tAzureLicenseBundleAPI
    <li>AzureRolesAPI.
    GetAllAzLocalServiceBundles<
    GetSingleAzureAdminRole</li>\r\n 
     <li>AzureLicenseBundleAPI
    <li>AzureRolesAPI.
    GetAllAssignedLicenseBundlesByAssigneeId<
    GetAllAssigned</li>\r\n 
     <li>AzureLicenseBundleAPI.GetAllAzLicensePool</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems</li>\r\n <li>\tAzureLicenseBundleAPI.CheckAssignmentStatus<
    <li>AzureRolesAPI.GetAzureAdminRoles</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Azure-RBAC-RoleLicense
    Feature Set (UI)
    Grants access to shop for Azure  RBAC Roles Licenses in the IT IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure 
     Rbac Roles Global Functions 
    Licenses Tenant Subscription Attribute Control (
    ITShop
    IT Shop)</li>\r\n <li>Azure 
     Rbac Roles Role Types 
    Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</
    ul>
    li>\r\n <li>Azure License Pool Control (IT Shop)</
    div>
    li>\r\n 
     <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop
    <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</
    ul>
    li>\r\n 
     \r\n 
    <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</
    div>
    li>\r\n 
     <div 
    <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"
    tab3
    tab2\" role=\"tabpanel\">\r\n <p>Grants 
     <b>Executor<
    <b>Viewer</b> access for the following 
     services
    pages and reports:</p>\r\n <ul>\r\n 
     <li>AzureRolesAPI.GetRoleTypes<
    <li>Azure Licenses Page (IT Shop)</li>\r\n 
     <li>\tAzureRolesAPI.CheckAssignmentStatus</li>
    </ul>\r\n 
     <li>\tAzureRolesAPI.GetAzureRbacRoles</li>
     \r\n 
     <li>AzureRolesAPI.GetAdTree<
    </
    li>
    div>\r\n 
     <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole<
    <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>\tAzureLicenseBundleAPI.GetTenantSubscriptionServices</li>\r\n <li>AzureLicenseBundleAPI</li>\r\n <li>AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId</li>\r\n 
     </ul>
    <li>\tAzureLicenseBundleAPI.GetSinglee</li>\r\n 
     </div>
    <li>\tAzureLicenseBundleAPI.GetAllAzLocalServiceBundles</li>\r\
    n</div>","javascript":"","css":""}
    IT Shop, My Tasks, and My Identity Self-Service Full Access
    Grants full access for using the IT Shop, My Tasks, My Identity microservices
    Management Role
    Access Granted by Management Role
    UI-IT-Shop-MS-Full-Access
    Inherits the below Access Levels from the parent Management Role Definition:
    Workflow Access
    Initiator Access Level for following workflows:
    • UpdatePersonDirectAssignment
    • UpdatePersonBusinessRoles
    Control (User Interface) Access
    Viewer Access Level for the following controls:
    • Application Process Control
    • Business Roles TCode Control
    • Business Roles Owners Attribute Control
    • Business Roles Advanced Search Control
    • Business Roles Role Approvers Attribute Control
    • Application Roles Resource System Attribute Control
    • Business Roles Name Attribute Control
    • Target System Control
    • Application Roles TCode Control
    • Application Roles Advanced Search Control
    • Shop for Target Person Control
    • Business Functions Control
    • Business Roles Parent Business Roles Attribute Control
    • Application Roles Owners Attribute Control
    • Application Roles High Level Classification Attribute Control
    • Business Domains Control
    • Business Roles High Level Classification Attribute Control
    • Application Roles Name Attribute Name
     Application Access
    Viewer Access Level for the following applications:
    • IT Shop Microservice App
    • EmpowerID Web
    Web Service Access
    Executor Access Level for the following Web services:
    • All ITShop WebServices
    • AllRbacObjects
    • CartSubmissinoAPI.SubmitCart
     Pages and Reports Access
    Viewer Access Level for the following pages and reports:
    • Groups Page (IT Shop)
    • Business Roles Page (IT Shop)
     
    n <li>AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzLicensePool</li>\r\n <li>AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems</li>\r\n <li>\tAzureLicenseBundleAPI.CheckAssignmentStatus</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Azure-RBAC-Role
    Feature Set (UI)
    Grants access to shop for Azure RBAC Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Business-Role
    Feature Set (UI)
    Grants access to shop for Business Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Azure Rbac Roles Global Functions Control (ITShop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>\tAzure Rbac Roles Page (ITShop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>AzureRolesAPI.GetRoleTypes</li>\r\n <li>\tAzureRolesAPI.CheckAssignmentStatus</li>\r\n <li>\tAzureRolesAPI.GetAzureRbacRoles</li>\r\n <li>AzureRolesAPI.GetAdTree</li>\r\n <li>AzureRolesAPI.GetAllAssigned</li>\r\n <li>AzureRolesAPI</li>\r\n <li>AzureRolesAPI.GetSingleAzureRole</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Common
    Feature Set (UI)
    Grants access for common/shared UI and APIs used by the IAM Shop. The role specifically grants access to the following applications, user interface controls, and web services:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following user interface controls:</p>\r\n <ul>\r\n <li>Manage Access Workflow Id Attribute Control (IT Shop)</li>\r\n <li>Resource's Access Request Policy Control (IT Shop)</li>\r\n <li>ITShop-ShowManageAccessFiltersBar-Control</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>ITShop Workflow Tab Control</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Show Cart Approver Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Cart Due Date Control (IT Shop)</li>\r\n </ul>\r\n \r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>MscPerson.GetSearch</li>\r\n <li>CartSubmissionAPI.GetAnonymousInfo</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.DefaultApprover</li>\r\n <li>MscPerson.GetPersonByGUID</li>\r\n <li>MscProtectedApplication.GetTargetSystemFilterData</li>\r\n <li>CartSubmissionAPI.GetUserGroups</li>\r\n <li>MscPerson.GetPhoto</li>\r\n <li>LocalizationAPI</li>\r\n <li>MscLocalization.AvailableLanguages</li>\r\n <li>CartSubmissionAPI.BusinessRequestTypes</li>\r\n <li>CartSubmissionAPI.ProcessAzureAdminRoles</li>\r\n <li>CartSubmissionAPI.ProcessGroups</li>\r\n <li>CartSubmissionAPI.GetUser</li>\r\n <li>CartSubmissionAPI.ProcessOrgRoles</li>\r\n <li>CartSubmissionAPI.SuggestedApprovers</li>\r\n <li>MscLocalization.GetByResourceSet</li>\r\n <li>CartSubmissionAPI</li>\r\n <li>MscGlobalConfig.GetConfigSetting</li>\r\n <li>CartSubmissionAPI.ProcessLicenseBundles</li>\r\n <li>CartSubmissionAPI.ProcessManagementRoles</li>\r\n <li>CartSubmissionAPI.GetCartItemResults</li>\r\n <li>MscProtectedApplication.GetChildren</li>\r\n <li>LocalizationAPI.CountryHelpText</li>\r\n <li>MscProtectedApplication.AllowedSsoApplications</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    UI-IT-Shop-MS-Full-Access
    Feature Set (UI)
    Grants access to all Item Types and UI in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services and workflows:
     Easy html macro
    theme{"label":"solarized_dark","value":"solarized_dark"}
    contentByMode{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<style>\r\n.nav {\r\n border: 1px solid #C1C1C8;\r\n border-style: none none solid none;\r\n padding: 0;\r\n margin: 12px 0 32px;\r\n display: flex;\r\n flex-wrap: nowrap;\r\n overflow: auto;\r\n}\r\n .nav-link {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n}\r\n.nav-link.active {\r\n background: transparent !important;\r\n color: #1D1D21 !important;\r\n border-bottom: 2px solid #1662DD !important;\r\n border-radius: 0px !important;\r\n}\r\n</style>\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <ul class=\"nav nav-pills mb-3\" id=\"pills-tab\" role=\"tablist\">\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link active\" id=\"pills-first-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab1\" type=\"button\" role=\"tab\">Applications</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-second-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab2\" type=\"button\" role=\"tab\">User Interface Controls</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-third-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab3\" type=\"button\" role=\"tab\">Pages and Reports</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fourth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab4\" type=\"button\" role=\"tab\">Web Services</button>\r\n </li>\r\n <li class=\"nav-item\" role=\"presentation\">\r\n <button class=\"nav-link\" id=\"pills-fifth-tab\" data-bs-toggle=\"pill\" data-bs-target=\"#tab5\" type=\"button\" role=\"tab\">Workflows</button>\r\n </li>\r\n</ul>\r\n<div class=\"tab-content\" id=\"pills-tabContent\">\r\n <div class=\"tab-pane fade show active\" id=\"tab1\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following applications:</p>\r\n <ul>\r\n <li>EmpowerID Web</li>\r\n <li>IT Shop Microservice App</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab2\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following controls:</p>\r\n <ul>\r\n <li>Application Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Manage Access View Pending Access Control (IT Shop)</li>\r\n <li>Shop For Target Person Control (IT Shop)</li>\r\n <li>Simple Text Search Control (IT Shop)</li>\r\n <li>Azure Admin Roles Resource System Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenants Control (IT Shop)</li>\r\n <li>Application Roles Name Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Type Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses License Pool Attribute Control (IT Shop)</li>\r\n <li>Management Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Domains Control (IT Shop)</li>\r\n <li>Application Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Application Roles TCode Control (IT Shop)</li>\r\n <li>Azure Licenses Advanced Search Control (IT Shop)</li>\r\n <li>Target System Control (IT Shop)</li>\r\n <li>Azure Admin Roles Tenants Control (IT Shop)</li>\r\n <li>Application Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Show Guided Shop for first time login (IT Shop)</li>\r\n <li>Azure Subscription Control (IT Shop)</li>\r\n <li>Shop By Reference Person Control (IT Shop)</li>\r\n <li>Azure Licenses Name Attribute Control (IT Shop)</li>\r\n <li>Application Roles Account Store Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Resource System Attribute Control (IT Shop)</li>\r\n <li>Application Processes Control (IT Shop)</li>\r\n <li>Shared Folders Advanced Search Control (IT Shop)</li>\r\n <li>Mailboxes Advanced Search Control (IT Shop)</li>\r\n <li>Azure Licenses Licensed Assignee Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Role Types Control (IT Shop)</li>\r\n <li>Reassign Cart Approver Control (IT Shop)</li>\r\n <li>Business Roles Parent Business Role Attribute Control (IT Shop)</li>\r\n <li>Azure Licenses Tenant Subscription Attribute Control (IT Shop)</li>\r\n <li>Credentials Advance Search Control IT Shop</li>\r\n <li>Management Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Functions Control (IT Shop)</li>\r\n <li>Management Roles Type Friendly Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles High Level Classification Attribute Control (IT Shop)</li>\r\n <li>Business Roles Role Approvers Attribute Control (IT Shop)</li>\r\n <li>Azure License Pool Control (IT Shop)</li>\r\n <li>Application Roles Advanced Search Control (IT Shop)</li>\r\n <li>Suggested Application Roles Control (IT Shop)</li>\r\n <li>Manage Access Business Request Attribute Control (IT Shop)</li>\r\n <li>Computers Advanced Search Control (IT Shop)</li>\r\n <li>Management Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Azure Admin Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles TCode Control (IT Shop)</li>\r\n <li>Business Roles Name Attribute Control (IT Shop)</li>\r\n <li>Business Roles Owners Attribute Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Business Roles Advanced Search Control (IT Shop)</li>\r\n <li>Azure Rbac Roles Role Types Control (IT Shop)</li>\r\n </ul>\r\n </div>\r\n \r\n <div class=\"tab-pane fade show\" id=\"tab3\" role=\"tabpanel\">\r\n <p>Grants <b>Viewer</b> access for the following pages and reports:</p>\r\n <ul>\r\n <li>Business Roles Page (ITShop)</li>\r\n <li>Azure Licenses Page (IT Shop)</li>\r\n <li>Azure Rbac Roles Page (ITShop)</li>\r\n <li>Application Roles Page (ITShop)</li>\r\n <li>Azure Admin Roles Page (ITShop)</li>\r\n <li>Management Roles Page (ITShop)</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab4\" role=\"tabpanel\">\r\n <p>Grants <b>Executor</b> access for the following services:</p>\r\n <ul>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>CartSubmissionAPI.SubmitCart</li>\r\n <li>AllRbacObjects</li>\r\n </ul>\r\n </div>\r\n <div class=\"tab-pane fade show\" id=\"tab5\" role=\"tabpanel\">\r\n <p>Grants <b>Initiator</b> access for the following workflows:</p>\r\n <ul>\r\n <li>UpdatePersonManagementRoles</li>\r\n <li>UpdatePersonBusinessRoles</li>\r\n <li>UpdatePersonDirectAssignment</li>\r\n </ul>\r\n </div>\r\n</div>","javascript":"","css":""}
    VIS-IT-Shop-MS-API 
    Visibility (VIS)
    Grants access to the base web services required by all users of the IAM Shop Microservice. The role specifically grants access to the following web services:
    • BusinessLocationsAPI.GetUserGroups
    • BusinessLocationsAPI.GetUser
    • BusinessLocationsAPI.GetEligibleLocation
    • ComputersAPI.GetAllAssignedComputers
    • AzureRolesAPI.CheckAssignmentStatus
    • MscAccessRequestPolicy.GetByResourceID
    • AzureRolesAPI.GetAllAssigned
    • BusinessLocationsAPI.GetChildren
    • MscPerson.GetPhoto
    • MscResourceAccessRequestAssignee.GetByResourceIdForAssignee
    • MscUIAction.GetByResourceID
    • MscUtility.ListItemsBySetName
    • ExternalCredentialsAPI.GetAllExternalCredentials
    • ExternalCredentialsAPI.ValidateMasterPassword
    • MscRenewableAssignment.IsRenewableAssignment
    • MscExternalCredential.DeleteCredential
    • MscExternalCredential.DeleteCredential
    • ComputersAPI.GetComputersForLoginSessionAccess
    • BusinessRolesAPI.GetAnonymousInfo
    • GroupsAPI.GetGroups
    • BusinessRolesAPI.GetAssignedBusinessRolesByPersonGUID
    • GroupsAPI.GetAssignedAppRolesByPersonGUID
    • CartSubmissionAPI
    • CartSubmissionAPI.ProcessOrgRoles
    • GroupsAPI.GetTargetSystemFilterdata
    • CartSubmissionAPI.ProcessLicenseBundles
    • AzureLicenseBundleAPI.GetAllEligibleLicenseBundlesByAssigneeId
    • ManagementRolesAPI.GetManagementRoles
    • AzureRolesAPI.GetSingleAzureAdminRole
    • GroupsAPI.GetOwnersAndApprovers
    • MscGlobalConfig.GetConfigSetting
    • MscPerson.PeopleToSetAsDelegate
    • ManagementRolesAPI.OwnersByManagementRoleId
    • SharedFoldersAPI.GetSingleSharedFolder
    • SharedFoldersAPI.GetAllAssignedSharedFolders
    • MailBoxesAPI.GetAllAssignedMailBoxes
    • ProtectedApplicationsAPI.GetOwnersOrDeputies
    • SharepointAPI.GetAllWebSites
    • ComputersAPI.GetComputerOperatingSystemTypes
    • MscUtility.ListMethodSignatures
    • MscExternalCredential.CheckOutCredential
    • MscUtility.GetAdditionalDynamicProperties
    • BusinessRolesAPI.GetUserGroups
    • BusinessRolesAPI.GetUser
    • GroupsAPI.GetUser
    • BusinessLocationsAPI.GetAnonymousInfo
    • BusinessFunctionsAPI.GetAnonymousInfo
    • BusinessFunctionsAPI.GetUser
    • BusinessLocationsAPI.GetOrgZoneTypes
    • BusinessRolesAPI.ExecuteMethod
    • CheckForSODAPI
    • CheckForSODAPI.CheckForSOD
    • GroupsAPI.GetAssignedMembershipByOrgRoleOrgZoneID
    • GroupsAPI.GetSingleOrgRole
    • CartSubmissionAPI.GetAnonymousInfo
    • All ITShop WebServices
    • CheckForSODAPI.GetAssigneesForOrgRoleType
    • AzureLicenseBundleAPI
    • AzureLicenseReportAPI.getReportByReportID
    • ManagementRolesAPI
    • ManagementRolesAPI.GetAllAssigned
    • ManagementRolesAPI.CheckAssignmentStatus
    • CartSubmissionAPI.ProcessAzureAdminRoles
    • AzureLicenseBundleAPI.GetTenantSubscriptionServices
    • LocalizationAPI.CountryHelpText
    • GroupsAPI.GetSuggestedAppRolesByOrgRoleIdOrgZoneId
    • GroupsAPI.OwnersByAppRoleId
    • BusinessFunctionsAPI.LocalFunctionsByAppRole
    • BusinessFunctionsAPI.LocalFunctionsByOrgRoleOrgZone
    • BusinessRolesAPI.OwnersByRoleId
    • BusinessRolesAPI.ApproversByRoleId
    • MscProtectedApplication.GetChildren
    • MscProtectedApplication.AllowedSsoApplications
    • MscPerson.PeopleToSetAsApprover
    • GroupsAPI.GetAssignedMembershipByAssigneeId
    • MailBoxesAPI.GetAllMailBoxTypes
    • MailBoxesAPI.GetAllMailBoxes
    • MscAccessRequestPolicy.GetAll
    • ComputersAPI.GetAllComputers
    • ComputersAPI.GetSingleComputer
    • ManagementRolesAPI.GetAllAssignedByOrgRoleOrgZoneId
    • MscBusinessRequestItem.GetByAssigneeIdResourceId
    • MscUIAction.GetByNounVerb
    • ExternalCredentialsAPI.GetCheckedOutByComputerIdPersonId
    • ManagementRolesAPI.GetAllAssignedByManagementRoleId
    • ProtectedApplicationsAPI.GetAllAssignedProtectedApplications
    • ComputersAPI.GetComputerPlatformTypes
    • ExternalCredentialsAPI.GetAllAssignedExternalCredentials
    • ExternalCredentialsAPI.GetExternalCredentialProxy
    • MscExternalCredential.GetExternalCredentialProxy
    • ResourceTag
    • BusinessRolesAPI
    • BusinessRolesAPI.GetOrgRole
    • BusinessRolesAPI.GetOrgRoles
    • GroupsAPI
    • GroupsAPI.GetAnonymousInfo
    • GroupsAPI.GetUserGroups
    • BusinessLocationsAPI
    • BusinessLocationsAPI.GetChildrenByOrgZoneGUID
    • BusinessFunctionsAPI
    • BusinessFunctionsAPI.GetUserGroups
    • BusinessFunctionsAPI.GetFunctions
    • BusinessLocationsAPI.ExecuteMethod
    • BusinessLocationsAPI.Search
    • BusinessLocationsAPI.GetOrgZonesByOrgZoneType
    • BusinessRolesAPI.GetApplicationRoleTemplates
    • LocalizationAPI
    • CheckForSODAPI.GetAnonymousInfo
    • CheckForSODAPI.GetUserGroups
    • CheckForSODAPI.GetUser
    • CheckForSODAPI.ExecuteMethod
    • BusinessRolesAPI.GetSingleOrgRole
    • BusinessRolesAPI.CheckAssignmentStatus
    • GroupsAPI.CheckAssignmentStatus
    • CartSubmissionAPI.GetUserGroups
    • CartSubmissionAPI.GetUser
    • CartSubmissionAPI.SubmitCart
    • CartSubmissionAPI.ProcessGroups
    • CartSubmissionAPI.ProcessManagementRoles
    • CartSubmissionAPI.GetCartItemResults
    • BusinessRolesAPI.GetAssignedAppRolesByPersonGUID
    • AzureLicenseBundleAPI.GetSingle
    • AzureLicenseBundleAPI.GetAllAssignedLicenseBundlesByAssigneeId
    • AzureLicenseBundleAPI.CheckAssignmentStatus
    • AzureLicenseBundleAPI.GetAllAzureAdScimResourceSystems
    • AzureLicenseBundleAPI.GetAllAzLocalServiceBundles
    • AzureLicenseBundleAPI.GetAllAzLicensePool
    • ManagementRolesAPI.GetSingleManagementRole
    • AzureRolesAPI
    • AzureRolesAPI.GetAzureAdminRoles
    • AzureRolesAPI.GetAzureRbacRoles
    • GroupsAPI.ApproversByAppRoleId
    • BusinessFunctionsAPI.LocalFunctionsByOrgRole
    • BusinessFunctionsAPI.GlobalFunctionsByOrgRole
    • BusinessRolesAPI.GetOwnersAndApprovers
    • AzureRolesAPI.GetAdTree
    • AzureRolesAPI.GetRoleTypes
    • AzureRolesAPI.GetSingleAzureRole
    • MscLocalization.GetByResourceSet
    • MscLocalization.AvailableLanguages
    • MscPerson.GetPersonByGUID
    • AccessRequestPolicyView
    • MscProtectedApplication.GetTargetSystemFilterData
    • CartSubmissionAPI.SuggestedApprovers
    • CartSubmissionAPI.DefaultApprover
    • BusinessFunctionsAPI.LocalRightsByAssigneeId
    • BusinessFunctionsAPI.LocalFunctionsByRole
    • GroupsAPI.GetSuggestedAppRolesByAssigneeId
    • MscProtectedApplication.SearchApplications
    • MscProtectedApplication.LinkedApplications
    • SharedFoldersAPI.GetAllSharedFolders
    • MscResourceTypeRole.GetByResourceId
    • ManagementRolesAPI.GetSuggestedManagementRolesByAssigneeId
    • MscPerson.OwnersByResourceId
    • BusinessFunctionsAPI.LocalFunctionsByAssignee
    • MailBoxesAPI.GetSingleMailBox
    • ProtectedApplicationsAPI.GetAllProtectedApplications
    • ProtectedApplicationsAPI.GetSingleProtectedApplication
    • ProtectedApplicationsAPI.GetSupportedResourceTypes
    • MscUIAction.GetByNoun
    • AzureRolesAPI.AzureRoleMembers
    • ProtectedApplicationsAPI.GetAllAzureApplications
    • ExternalCredentialsAPI.GetByComputerId
    • ExternalCredentialsAPI.GetCheckedOutByPersonId
    • ExternalCredentialsAPI.GetCheckedOutRecords
    • ExternalCredentialsAPI.CheckInCredential
    • SharepointAPI.GetSingleWebSite
    • ProtectedApplicationsAPI.GetSingleAzureApplication
    • ComputersAPI.GetITEnvironmentTypes
    • ComputersAPI.GetComputerRequestableDetailOptions
    • ExternalCredentialsAPI.GetSingleExternalCredential
    • MscExternalCredential.CheckInCredential
    • MscExternalCredential.ValidateMasterPassword
    • ComputersAPI.GetLoginSessionHistoryDetails
    • ComputersAPI.GetLoginSessionHistory
    IAM Shop, My Tasks, and My Identity Self-Service Full Access
    Role Bundle – Contains the below Management Roles:
    • ACT-Person-Delegate-All
    • ACT-Person-SetAsApprover-All
    • UI-IT-Shop-MS-Azure-Admin-Role
    • UI-IT-Shop-MS-Computer
    • UI-MyTasks-Participant-Full
    • UI-IT-Shop-MS-Management-Role
    • UI-IT-Shop-MS-Azure-License
    • UI-MyIdentity-PermanentDelegations
    • UI-MyIdentity-EmailNotification-Settings
    • UI-IT-Shop-MS-Business-Role
    • UI-IT-Shop-MS-Shared-Folder
    • UI-IT-Shop-MS-Application-Role
    • UI-IT-Shop-MS-Mailbox
    • UI-MyIdentity-Full
    • UI-IT-Shop-MS-Common
    • UI-IT-Shop-MS-Risk
    • VIS-Application-All
    • VIS-Location-MyLocationsAndBelow
    • VIS-Person-MyOrg
    • VIS-IT-Shop-MS-API
    • VIS-Computer-All
    • VIS-Management-Role-All
    • VIS-AzLocalRole-All
    • VIS-Mailbox-All
    • VIS-Groups-All
    • VIS-BusinessRequestType-All
    • VIS-MyTasks-MS-API
    • VIS-MyIdentity-MS-API
    • VIS-Location-All-BusinessStructure
    • VIS-AzGlobalFunction-All
    • VIS-Shared-Credential-All
    • VIS-AzLocalFunction-All
    • UI-IT-Shop-MS-Azure-RBAC-Role
    • VIS-License-Pool-All
    • VIS-OrgRoleOrgZone-ALL
    Grants full access for using the IAM Shop, My Tasks, My Identity microservices. 
     Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue