EmpowerID restricts access to people through the use of Management Roles. To work with people, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to the same location as the person with the role.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.
Roles Needed to View Own Profile
To view their basic profile information, users need to have the following Management Role assignments:
Roles Needed to Manage People’s Profile Information
To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage the profiles of all people belonging to the same locations as the person with the roles
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
VIS-Person-MyOrg | Grants visibility for people in a person's organizations. Can view basic information about people belonging to the same organizations. | Visibility |
VIS-Person-MyDirectReports | Grants visibility for all direct reports of the person with the role. Can view basic information about their direct reports. | Visibility |
VIS-People-All | Grants visibility for all people in the system. Can view basic information about all people in the system. | Visibility |
ACT-Person-Profile-Edit-All | Grants the ability to edit the profile attributes for all people in the system. | Activity |
ACT-Person-Profile-Edit-Customers | Grants the ability to edit the profile attributes for all people below the Customers location. | Activity |
ACT-Person-Profile-Edit-DirectReports | Grants the ability to edit the profile attributes for their Direct Reports. | Activity |
ACT-Person-Profile-Edit-MyOrg | Grants the ability to edit the profile attributes for all people in their organizations. | Activity |
ACT-Person-Profile-Edit-Partners | Grants the ability to edit the profile attributes for all people below the Partners location. | Activity |
Roles Needed to Manage the Management Role Assignments of People
To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows for managing the membership of Management Roles. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS, WORKFLOW ACCESS |
VIS-Person-MyLocations | Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations. | Visibility |
VIS-Person-MyOrg | Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations. | Visibility |
VIS-Person-MyDirectReports | Grants visibility for all direct reports of the person with the role. The role is needed when responsible for assigning roles to direct reports. | Visibility |
VIS-People-All | Grants visibility for all people in the system. The role is needed when responsible for assigning roles to any person in the system. | Visibility |
VIS-Management-Role-MyLocations | Grants access to the View pages for Management Roles in a person's locations. The role is needed when responsible for assigning roles that are in the person’s locations. | Visibility |
VIS-Management-Role-MyOrg | Grants access to the View pages for people Management Roles in a person's organizations. The role is needed when responsible for assigning roles that are in the person’s organizations. | Visibility |
VIS-Management-Role-All | Grants access to the View pages for all people Management Roles in the system. The role is needed when responsible for assigning roles in any location. | Visibility |
ACT-Management-Role-Membership-Management-All | Grants access to manage membership for all management roles. | Activity |
ACT-Management-Role-Membership-Management-Azure-License-Manager | Grants access to manage membership for all management roles for the Azure License Manager Application. | Activity |
ACT-Management-Role-Membership-Management-MyLocations | Grants access to manage membership for management roles in person's locations. | Activity |
ACT-Management-Role-Membership-Management-MyOrg | Grants access to manage membership for management roles in person's organization. | Activity |
ACT-Management-Role-Membership-Management-Partners | Grants access to manage membership for management roles in or below the Partners location. | Activity |
Roles Needed to Manage the Business Role Assignments of People
To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Purpose of Management Role | Role Type |
---|---|---|
UI-Person-Role-Assignment | Grants access to user interface and workflows for managing assignments of people to roles. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS, WORKFLOW ACCESS |
VIS-BusinessRole-MyLocations | Grants visibility for Business Roles in a person's locations. This role is required to see qualifying Business Roles in the Business Roles trees. | Visibility |
VIS-BusinessRole-MyOrg | Grants visibility for Business Roles in a person's organizations. This role is required to see qualifying Business Roles in the Business Roles trees. | Visibility |
VIS-BusinessRole-All | Grants visibility for all Business Roles. This role is required to see qualifying Business Roles in the Business Roles trees. | Visibility |
VIS-Location-All-Business-Locations | Grants visibility for all locations under All Business Locations. This role is required to see qualifying Locations in the Locations trees. | Visibility |
VIS-Location-MyLocationsAndAbove | Grants visibility for the Person's locations and above. This role is required to see qualifying Locations in the Locations trees. | Visibility |
VIS-Location-MyLocationsAndBelow | Grants visibility for the Person's locations and below. This role is required to see qualifying Locations in the Locations trees. | Visibility |
VIS-Location-All | Grants visibility for all locations in the location trees related to managing shared credentials. This role is required to see qualifying Locations in the Locations trees. | Visibility |
ACT-Business-Role-Assignment-All | Grants people with the role access to operations for managing assignments of people to business roles in the person's organizations. | Activity |
ACT-Business-Role-Assignment-MyLocations | Grants people with the role access to operations for managing assignments of people to business roles in the person's locations and below. | Activity |
ACT-Business-Role-Assignment-MyOrg | Grants people with the role access to operations for managing assignments of people to business roles in the person's organizations. | Activity |
Roles Needed to Add People to Groups
To manage the group membership of people, users need to have the following Management Role assignment:
Management Role | Purpose of Management Role | Role Type |
---|---|---|
UI-Group-Membership-Management | Grants access to user interface and workflows for group membership management. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS, WORKFLOW ACCESS |
VIS-Groups-All | Grants visibility for all groups. | Visibility |
VIS-Groups-All-AD | Grants visibility for all AD groups. | Visibility |
VIS-Groups-All-AWS | Grants visibility for all AWS groups. | Visibility |
VIS-Groups-All-Azure | Grants visibility for all Azure groups in any tenant. | Visibility |
VIS-Groups-All-IT-Systems | Grants visibility for all groups under All IT Systems. | Visibility |
VIS-Groups-All-O365 | Grants visibility for all Office 365 groups. | Visibility |
VIS-Groups-All-SAP | Grants visibility for all SAP Roles and Profiles. | Visibility |
VIS-Groups-Distribution-MyLocation | Grants visibility for all Distribution groups in a person’s locations. | Visibility |
VIS-Groups-Distribution-MyOrg | Grants visibility for all Distribution groups in a person’s organizations. | Visibility |
VIS-Groups-Generic-MyLocation | Grants visibility for all Generic groups in a person’s locations. | Visibility |
VIS-Groups-Generic-MyOrg | Grants visibility for all Generic groups in a person’s organizations. | Visibility |
VIS-Groups-Security-MyLocation | Grants visibility for all Security groups in a person’s locations. | Visibility |
VIS-Groups-Security-MyOrg | Grants visibility for all Security groups in a person’s organizations. | Visibility |
ACT-Group-Membership-Management-All-Groups | Grants people with the role access to manage membership for all groups | |
ACT-Group-Membership-Management-All-AD-Groups | Grants people with the role access to manage membership for all Active Directory groups. | Activity |
ACT-Group-Membership-Management-All-AWS-Groups | Grants people with the role access to manage membership for all AWS groups. | Activity |
ACT-Group-Membership-Management-All-IT-Systems | Grants people with the role access to manage group membership for all groups under All IT Systems. | Activity |
ACT-Group-Membership-Management-All-O365-Groups | Grants people with the role access to manage membership for all Office 365 groups. | Activity |
ACT-Group-Membership-Management-All-SAP-Groups | Grants people with the role access to manage membership for all SAP Roles and Profiles. | Activity |
ACT-Group-Membership-Management-Distribution-MyLocations | Grants people with the role access to manage membership for all distribution groups in person's locations. | Activity |
ACT-Group-Membership-Management-Distribution-MyOrganizations | Grants people with the role access to manage membership for all distribution groups in person's organizations. | Activity |
ACT-Group-Membership-Management-Generic-MyLocations | Grants people with the role access to manage membership for all generic groups in person's locations. | Activity |
ACT-Group-Membership-Management-Generic-MyOrganizations | Grants people with the role access to manage membership for all generic groups in person's organizations. | Activity |
ACT-Group-Membership-Management-Security-MyLocations | Grants people with the role access to manage membership for all security groups in person's locations. | Activity |
ACT-Group-Membership-Management-Security-MyOrganizations | Grants people with the role access to manage membership for all security groups in person's organizations. | Activity |
Roles Needed to Create Person Objects
To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Person-Object-Create | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS, WORKFLOW ACCESS |
VIS-Person-MyLocations | Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations. | Visibility |
VIS-Person-MyOrg | Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations. | Visibility |
VIS-Person-MyDirectReports | Grants visibility for all direct reports of the person with the role. The role is needed when responsible for assigning roles to direct reports. | Visibility |
VIS-People-All | Grants visibility for all people in the system. The role is needed when responsible for assigning roles to any person in the system. | Visibility |
VIS-Management-Role-All | Grants access to the View pages for all people in the system. The role is needed when responsible for assigning roles in any location. | Visibility |
ACT-Management-Role-Membership-Management-All | Grants access to manage membership for all management roles. | Activity |
ACT-Management-Role-Membership-Management-Azure-License-Manager | Grants access to manage membership for all management roles for the Azure License Manager Application | Activity |
ACT-Management-Role-Membership-Management-MyLocations | Grants access to manage membership for management roles in person's locations. | Activity |
ACT-Management-Role-Membership-Management-MyOrg | Grants access to manage membership for management roles in person's organization. | Activity |
ACT-Management-Role-Membership-Management-Partners | Grants access to manage membership for management roles in or below the Partners location. | Activity |
Roles Needed to Administer Person Objects
To perform administrative actions against person objects, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Person-Object-Administration | Grants access to the user interfaces and workflows for person object management. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS, WORKFLOW ACCESS |
VIS-Person-MyLocations | Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations. | Visibility |
VIS-Person-MyOrg | Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations. | Visibility |
VIS-Person-MyDirectReports | Grants visibility for all direct reports of the person with the role. The role is needed when responsible for assigning roles to direct reports. | Visibility |
VIS-People-All | Grants visibility for all people in the system. The role is needed when responsible for assigning roles to any person in the system. | Visibility |
VIS-Management-Role-MyLocations | Grants access to the View pages for Management Roles in a person's locations. The role is needed when responsible for assigning roles that are in the person’s locations. | Visibility |
VIS-Management-Role-MyOrg | Grants access to the View pages for people in a person's organizations. The role is needed when responsible for assigning roles that are in the person’s organizations. | Visibility |
VIS-Management-Role-All | Grants access to the View pages for all people in the system. The role is needed when responsible for assigning roles in any location. | Visibility |
ACT-Management-Role-Membership-Management-All | Grants access to manage membership for all management roles. | Activity |
ACT-Management-Role-Membership-Management-Azure-License-Manager | Grants access to manage membership for all management roles for the Azure License Manager Application | Activity |
ACT-Management-Role-Membership-Management-MyLocations | Grants access to manage membership for management roles in person's locations. | Activity |
ACT-Management-Role-Membership-Management-MyOrg | Grants access to manage membership for management roles in person's organization. | Activity |
ACT-Management-Role-Membership-Management-Partners | Grants access to manage membership for management roles in or below the Partners location. | Activity |