EmpowerID inventories, manages, and protects resources in what are called resource systems. Resource systems define the specific system within which a resource resides and can include Active Directory domains, LDAP directories, HR systems, Microsoft Exchange Organizations, SharePoint Farms, custom applications, and even the EmpowerID system itself.
Resources are the lowest level secured base objects in EmpowerID for which management tasks are can be performed. All objects of any type that are managed by EmpowerID in a secure fashion have a resource entry in the EmpowerID Identity Warehouse. EmpowerID supports many types of resources out of the box and can be extended to support any type of custom resource that an organization wishes to manage. Resource types exist for all secure EmpowerID objects such as people, pages, workflows, etc., as well as resource types for external systems such as Exchange Mailboxes or SharePoint web sites.
...
One special type of EmpowerID resource that should be mentioned is the Request Workflow. For each workflow used in EmpowerID there exists at least one request workflow resource. The request workflow resource is used to secure the workflow and control who may initiate it. Workflows can be initiated from a variety of methods including Web Services, URLs, Ribbon Menu buttons, and from the Service Catalog. In any case, a person will not be able to initiate the workflow unless they have a Access Level for that request workflow granting them the Initiate operation.
If added to the Self-service Catalog, Request workflows can be accessed in the EmpowerID Management Console or web interface through My Workspace. The Service Catalog allows you to categorize request workflows into logical groupings defined by an administrative boundary, making it easy for users to locate the appropriate workflow when performing tasks. When an EmpowerID user is interacting with workflows from ribbon menus or the catalog, they will not see any workflows for which they have not been granted the Initiate Operation.
It should also be noted that the request workflow resource controls access to who may start a workflow process. Each workflow typically consists of one or more operation activities, each with its own embedded authorization logic. This is to say that the ability to initiate a request workflow does not grant the rights to see any of the objects that may be displayed within the workflow or to execute any of the operations activities contained therein.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|