Page Comparison

EmpowerID restricts access to people through the use of Management Roles. To work with people users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to same location as the person with the role.
ACT — Management Roles prefixed wtih ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.

Roles

Needed to View Own Profile

needed to view self profile

To view their basic profile information, users need to have the following Management Role assignments:

Expand

title	View Roles

Management Role	Access Granted by Management Role	Role Type
UI-Person-Profile-Self-Service	Grants people access to the user interfaces and workflows for managing their own profile attributes.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS View Self Page Viewer for the Page Viewer for the General Tab Edit Self Person Page Viewer for the Page Viewer for the Photo Edit Control WORKFLOW ACCESS Profile Manager Workflow Initiator for the workflow Person Edit Workflow Initiator for the workflow Person Photo Approval Workflow Initiator for the workflow
VIS-Person-Self	Grants people visibility to the View Person Page for see their own person. Granted by default to all people.	Visibility
ACT-Person-Profile-Self-Service	Grants people the ability to edit their profile attributes.	Activity
Profile Self-Service	Grants people the ability to edit their own profile attributes. Can be used in place of the above three Management Roles assignments.	Role Bundle — Contains the below Management Roles VIS-Person-Self ACT-Person-Profile-Self-Service UI-Person-Person-Profile-Self-Service

Roles

Needed to Manage People’s Profile Information

needed to manage profiles

To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Expand

title	Roles needed by people to manage the profiles of their direct reports

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-Person-MyDirectReports

Grants visibility for all direct reports of the person with the role. Can view basic information about their direct reports.

Visibility

ACT-Person-Profile-Edit-DirectReports

Grants the ability to edit the profile attributes for their Direct Reports

Activity

Expand

title	Roles needed by people to manage the profiles of people in their locations

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-Person-MyLocations

Grants visibility for all people in a person's locations. Can view basic information about people belonging to the same locations.

Visibility

ACT-Person-Profile-Edit-MyLocations

Grants the ability to edit the profile attributes for all people in their locations.

Activity

Expand

title	Roles needed to manage the profile information of users belonging to the same organizations as the people with the roles

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-Person-MyOrg

Grants visibility for people in a person's organizations. Can view basic information about people belonging to the same organizations.

Visibility

ACT-Person-Profile-Edit-MyOrg

Grants the ability to edit the profile attributes for all people in their organizations.

Activity

Expand

title	Roles needed to manage the profile information of customers

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-People-All

Grants visibility for all people in the system. Can view basic information about all people in the system.

Visibility

ACT-Person-Profile-Edit-Customers

Grants the ability to edit the profile attributes for all people below the Customers location.

Activity

Expand

title	Roles needed to manage the profile information of partners

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-People-All

Grants visibility for all people in the system. Can view basic information about all people in the system.

Visibility

ACT-Person-Profile-Edit-Partners

Grants the ability to edit the profile attributes for all people below the Partners location.

Activity

Expand

title	Roles needed to manage the profile information of all people

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants people access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
Edit Person Page
- Viewer for the page
Edit Person Contextual Page
- Viewer for the page
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Person Edit
- Initiator for the workflow
Edit Person Photo Approval
- Initiator for the workflow

VIS-People-All

Grants visibility for all people in the system. Can view basic information about all people in the system.

Visibility

ACT-Person-Profile-Edit-All

Grants the ability to edit the profile attributes for all people in the system.

Activity

Roles

Needed to Manage the

needed to manage Management Role

Assignments of People

assignments

To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Expand

title	Roles needed by people to manage the Management Role assignments of people and roles in their locations

Management Role	Access Granted by Management Role	Role Type
UI-Management-Role-Membership-Management	Grants access to the user interfaces and workflows for managing the membership of Management Roles.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Accounts and Login Security accordion Viewer for the Advanced Attributes Editable Lists Find Management Role Page Viewer for the page Viewer for the All Roles Tab Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid Resultant Resource Locations Page Viewer for the page WORKFLOW ACCESS Update Person Management Role Assignments Initiator for the workflow Update Management Role Assignments Initiator for the workflow
VIS-Person-MyLocations	Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.	Visibility
ACTVIS-Management-Role-Membership-Management-MyLocations	Grants access to manage membership for management visibility for all Management Roles belonging to the same locations.	Visibility
ACT-Management-Role-Membership-Management-MyLocations	Grants access to manage membership for management roles in person's locations.	Activity

Expand

title	Roles needed by people to manage the Management Role assignments of people and roles in their locationsorganizations

Management Role	Access Granted by Management Role	Role Type
UI-Management-Role-Membership-Management	Grants access to the user interfaces and workflows for managing the membership of Management Roles.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Accounts and Login Security accordion Viewer for the Advanced Attributes Editable Lists Find Management Role Page Viewer for the page Viewer for the All Roles Tab Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid Resultant Resource Locations Page Viewer for the page WORKFLOW ACCESS Update Person Management Role Assignments Initiator for the workflow Update Management Role Assignments Initiator for the workflow
VIS-Person-MyLocationsMyOrg	Grants visibility for all people in a person's locationsorganizations. The role is needed when responsible for assigning roles to people in the person’s locationsorganizations.	Visibility
VIS-Management-Role-MyOrg	Grants visibility for all Management Roles belonging to the same organizations.	Visibility
ACT-Management-Role-Membership-Management-MyLocationsMyOrg	Grants access to manage membership for management roles in person's locationsorganization.	Activity

Expand

title	Roles needed by people to manage the Management Role assignments of partners

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Membership-Management

Grants access to the user interfaces and workflows for managing the membership of Management Roles.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Roles, Accounts and Login Security accordion
- Viewer for the Advanced Attributes Editable Lists
Find Management Role Page
- Viewer for the page
- Viewer for the All Roles Tab
Management Role View One Page
- Viewer for the page
- Viewer for the General Tab
- Viewer for the More Info Accordion
- Viewer for the People Members of Management Role Grid
Resultant Resource Locations Page
- Viewer for the page

WORKFLOW ACCESS

Update Person Management Role Assignments
- Initiator for the workflow
Update Management Role Assignments
- Initiator for the workflow

VIS-Person-

MyOrg

All	Grants visibility for

people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations

all people.	Visibility
VIS-Management-

People

Role-All

Grants visibility for all

people in the system. The role is needed when responsible for assigning roles to any person in the system

Management Roles.

Visibility

VIS

ACT-Management-Role-

MyLocations

Membership-Management-Partners

Grants access to

the View pages for Management Roles in a person's locations. The role is needed when responsible for assigning roles that are in the person’s locations.

Visibility

VIS-Management-Role-MyOrg

Grants access to the View pages for Management Roles in a person's organizations. The role is needed when responsible for assigning roles that are in the person’s organizations.

Visibility

VIS

manage membership for management roles in or below the Partners location.

Activity

Expand

title	Roles needed by people to manage the Management Role assignments of all people

Management Role	Access Granted by Management Role	Role Type
UI-Management-Role-

All

Membership-Management

Grants access to the

View pages for all Management Roles in the system. The role is needed when responsible for assigning roles in any location.

Visibility

ACT-Management-Role-Membership-Management-All

Grants access to manage membership for all management roles.

Activity

ACT-Management-Role-Membership-Management-Azure-License-Manager

Grants access to manage membership for all management roles for the Azure License Manager Application

Activity

ACT-Management-Role-Membership-Management-MyOrg

Grants access to manage membership for management roles in person's organization.

Activity

ACT-Management-Role-Membership-Management-Partners

Grants access to manage membership for management roles in or below the Partners location.

Activity

Roles Needed to Manage the Business Role Assignments of People

To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Purpose of Management Role

Role Type

UI-Person-Role-Assignment

Grants access to user interface and workflows for managing assignments of people to roles.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
Person View One Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Roles, Accounts and Login Security accordion
- Viewer for the Actions accordion
- Viewer for the Advanced Attributes Editable Lists
Find Business Roles and Locations Page
- Viewer for the page
- Viewer for the Business Roles and Locations Tab
- Viewer for the All People in Business Role and Location Accordion
- Viewer for the Net Access Granted By Direct and Inherited Accordion
- Viewer for the Management Role Membership Grid
Resultant Resource Locations Page
- Viewer for the page
Global Search Box
- Viewer for the search box
Shopping Cart
- Viewer for the cart

WORKFLOW ACCESS

Update Person Business Roles
- Initiator for the workflow
Update Business Role and Location Person Assignment
- Initiator for the workflow
Update Person Management Role Assignments
- Initiator for the workflow
Change Primary Business Role and Location Workflow
- Initiator for the workflow
Move People Location Only
- Initiator for the workflow

VIS-BusinessRole-MyLocations

Grants visibility for Business Roles in a person's locations. This role is required to see qualifying Business Roles in the Business Roles trees.

Visibility

VIS-BusinessRole-MyOrg

Grants visibility for Business Roles in a person's organizations. This role is required to see qualifying Business Roles in the Business Roles trees.

Visibility

VIS-BusinessRole-All

Grants visibility for all Business Roles. This role is required to see qualifying Business Roles in the Business Roles trees.

Visibility

VIS-Location-All-Business-Locations

Grants visibility for all locations under All Business Locations. This role is required to see qualifying Locations in the Locations trees.

Visibility

VIS-Location-MyLocationsAndAbove

Grants visibility for the Person's locations and above. This role is required to see qualifying Locations in the Locations trees.

Visibility

VIS-Location-MyLocationsAndBelow

Grants visibility for the Person's locations and below. This role is required to see qualifying Locations in the Locations trees.

Visibility

VIS-Location-All

Grants visibility for all locations in the location trees related to managing shared credentials

user interfaces and workflows for managing the membership of Management Roles.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Accounts and Login Security accordion Viewer for the Advanced Attributes Editable Lists Find Management Role Page Viewer for the page Viewer for the All Roles Tab Management Role View One Page Viewer for the page Viewer for the General Tab Viewer for the More Info Accordion Viewer for the People Members of Management Role Grid Resultant Resource Locations Page Viewer for the page WORKFLOW ACCESS Update Person Management Role Assignments Initiator for the workflow Update Management Role Assignments Initiator for the workflow
VIS-Person-All	Grants visibility for all people in the system.	Visibility
VIS-Management-Role-All	Grants visibility for all Management Roles.	Visibility
ACT-Management-Role-Membership-Management-All	Grants access to manage membership for all Management Roles.	Activity

Roles needed to manage Business Role assignments

To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Expand

title	Roles needed by people to manage the Business Role assignments of roles and people in their locations

Management Role	Access Granted by Management Role	Role Type
UI-Person-Role-Assignment	Grants access to user interface and workflows for managing assignments of people to roles.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab Person View One Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Accounts and Login Security accordion Viewer for the Actions accordion Viewer for the Advanced Attributes Editable Lists Find Business Roles and Locations Page Viewer for the page Viewer for the Business Roles and Locations Tab Viewer for the All People in Business Role and Location Accordion Viewer for the Net Access Granted By Direct and Inherited Accordion Viewer for the Management Role Membership Grid Resultant Resource Locations Page Viewer for the page Global Search Box Viewer for the search box Shopping Cart Viewer for the cart WORKFLOW ACCESS Update Person Business Roles Initiator for the workflow Update Business Role and Location Person Assignment Initiator for the workflow Update Person Management Role Assignments Initiator for the workflow Change Primary Business Role and Location Workflow Initiator for the workflow Move People Location Only Initiator for the workflow
VIS-Person-MyLocations	Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.	Visibility
VIS-BusinessRole-MyLocations	Grants visibility for Business Roles in a person's locations. This role is required to see qualifying Business Roles in the Business Roles trees.	Visibility
VIS-Location-MyLocationsAndBelow	Grants visibility for the Person's locations and below. This role is required to see qualifying Locations in the Locations trees.	Visibility
ACT-Business-Role-Assignment-

All

MyLocations

Grants people with the role access to operations for managing assignments of people to business roles in the person's

organizations

locations and below.

Activity

ACT-Business-Role-Assignment-MyLocations

Grants people with the role access to operations for managing assignments of people to business roles in the person's locations and below.

Activity

ACT-Business-Role-Assignment-MyOrg

Grants people with the role access to operations

Expand

title	Roles needed by people to manage the Business Role assignments of roles and people in their organizations

Management Role	Access Granted by Management Role	Role Type
UI-Person-Role-Assignment	Grants access to user interface and workflows for managing assignments of people to

business

roles

in the person's organizations.

Activity

Roles Needed to Add People to Groups

To manage the group membership of people, users need to have the following Management Role assignment:

Management Role

Purpose of Management Role

Role Type

UI-Group-Membership-Management

Grants access to user interface and workflows user interface and workflows for group membership management.

Feature Set — Inherits the below

.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find

Group

Person Page
- Viewer for the page
- Viewer for the

All Groups

- People Tab

Viewer for the Groups I Manage Tab

Group

Person View One Page
- Viewer for the page
- Viewer for the

General

- Manage Tab
- Viewer for the

Membership Changes Tab

- Roles, Accounts and Login Security accordion
- Viewer for the

Members Grid

WORKFLOW ACCESS

Add People to Groups
- Initiator for the workflow
Update Person Group Membership
- Initiator for the workflow
Add Accounts to Groups
- Initiator for the workflow
Update Group Account Membership
- Initiator for the workflow
Add Groups to Group
- Initiator for the workflow
Remove Groups from Group
- Initiator for the workflow
Remove Service Principal From Groups
- Initiator for the workflow
Temporary Group Membership
- Initiator for the workflow

VIS-Groups-All

Grants visibility for all groups.

Visibility

VIS-Groups-All-AD

Grants visibility for all AD groups.

Visibility

VIS-Groups-All-AWS

Grants visibility for all AWS groups.

Visibility

VIS-Groups-All-Azure

Grants visibility for all Azure groups in any tenant.

Visibility

VIS-Groups-All-IT-Systems

Grants visibility for all groups. under All IT Systems.

Visibility

VIS-Groups-All-O365

Grants visibility for all Office 365 groups.

Visibility

VIS-Groups-All-SAP

Grants visibility for all SAP Roles and Profiles.

Visibility

VIS-Groups-Distribution-MyLocation

Grants visibility for all Distribution groups in a person’s locations.

Visibility

VIS-Groups-Distribution-MyOrg

Grants visibility for all Distribution groups in a person’s organizations.

Visibility

VIS-Groups-Generic-MyLocation

Grants visibility for all Generic groups in a person’s locations.

Visibility

VIS-Groups-Generic-MyOrg

Grants visibility for all Generic groups in a person’s organizations.

Visibility

VIS-Groups-Security-MyLocation

Grants visibility for all Security groups in a person’s locations.

Visibility

VIS-Groups-Security-MyOrg

Grants visibility for all Security groups in a person’s organizations.

Visibility

ACT-Group-Membership-Management-All-Groups

Grants people with the role access to manage membership for all groups

ACT-Group-Membership-Management-All-AD-Groups

Grants people with the role access to manage membership for all Active Directory groups.

Activity

ACT-Group-Membership-Management-All-AWS-Groups

Grants people with the role access to manage membership for all AWS groups.

Activity

ACT-Group-Membership-Management-All-IT-Systems

Grants people with the role access to manage group membership for all groups under All IT Systems.

Activity

ACT-Group-Membership-Management-All-O365-Groups

Grants people with the role access to manage membership for all Office 365 groups.

Activity

ACT-Group-Membership-Management-All-SAP-Groups

Grants people with the role access to manage membership for all SAP Roles and Profiles.

Activity

ACT-Group-Membership-Management-Distribution-MyLocations

Grants people with the role access to manage membership for all distribution groups in person's locations.

Activity

ACT-Group-Membership-Management-Distribution-MyOrganizations

Grants people with the role access to manage membership for all distribution groups in person's organizations.

Activity

ACT-Group-Membership-Management-Generic-MyLocations

Grants people with the role access to manage membership for all generic groups in person's locations.

Activity

ACT-Group-Membership-Management-Generic-MyOrganizations

Grants people with the role access to manage membership for all generic groups in person's organizations.

Activity

ACT-Group-Membership-Management-Security-MyLocations

Grants people with the role access to manage membership for all security groups in person's locations.

Activity

ACT-Group-Membership-Management-Security-MyOrganizations

Grants people with the role access to manage membership for all security groups in person's organizations.

Activity

Roles Needed to Create Person Objects

To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):

Actions accordion Viewer for the Advanced Attributes Editable Lists Find Business Roles and Locations Page Viewer for the page Viewer for the Business Roles and Locations Tab Viewer for the All People in Business Role and Location Accordion Viewer for the Net Access Granted By Direct and Inherited Accordion Viewer for the Management Role Membership Grid Resultant Resource Locations Page Viewer for the page Global Search Box Viewer for the search box Shopping Cart Viewer for the cart WORKFLOW ACCESS Update Person Business Roles Initiator for the workflow Update Business Role and Location Person Assignment Initiator for the workflow Update Person Management Role Assignments Initiator for the workflow Change Primary Business Role and Location Workflow Initiator for the workflow Move People Location Only Initiator for the workflow
VIS-Person-MyOrg	Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations.	Visibility
VIS-BusinessRole-MyOrg	Grants visibility for Business Roles in a person's organizations. This role is required to see qualifying Business Roles in the Business Roles trees.	Visibility
VIS-Location-All-Business-Locations	Grants visibility for all locations under All Business Locations. This role is required to see qualifying Locations in the Locations trees.	Visibility
VIS-Location-MyLocationsAndAbove	Grants visibility for the Person's locations and above. This role is required to see qualifying Locations in the Locations trees.	Visibility
ACT-Business-Role-Assignment-MyOrg	Grants people with the role access to operations for managing assignments of people to business roles in the person's organizations.	Activity

Expand

title	Roles needed by people to manage all Business Role assignments

Management Role	Access Granted by Management Role	Role Type
UI-Person-Role-Assignment	Grants access to user interface and workflows for managing assignments of people to roles.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab Person View One Page Viewer for the page Viewer for the Manage Tab Viewer for the Roles, Accounts and Login Security accordion Viewer for the Actions accordion Viewer for the Advanced Attributes Editable Lists Find Business Roles and Locations Page Viewer for the page Viewer for the Business Roles and Locations Tab Viewer for the All People in Business Role and Location Accordion Viewer for the Net Access Granted By Direct and Inherited Accordion Viewer for the Management Role Membership Grid Resultant Resource Locations Page Viewer for the page Global Search Box Viewer for the search box Shopping Cart Viewer for the cart WORKFLOW ACCESS Update Person Business Roles Initiator for the workflow Update Business Role and Location Person Assignment Initiator for the workflow Update Person Management Role Assignments Initiator for the workflow Change Primary Business Role and Location Workflow Initiator for the workflow Move People Location Only Initiator for the workflow
VIS-Person-All	Grants visibility for all people in the system.	Visibility
VIS-BusinessRole-All	Grants visibility for all Business Roles. This role is required to see qualifying Business Roles in the Business Roles trees.	Visibility
VIS-Location-All	Grants visibility for all locations in the location trees related to managing shared credentials. This role is required to see qualifying Locations in the Locations trees.	Visibility
ACT-Business-Role-Assignment-All	Grants people with the role access to operations for managing assignments of people to business roles in the person's organizations.	Activity

Roles needed to manage group membership

To manage the group membership of people, users need to have the following Management Role assignment:

Expand

title	Roles needed by people to manage the group membership of people and groups belonging to their locations

Management Role	Access Granted by Management Role	Role Type
UI-Group-Membership-Management	Grants access to user interface and workflows user interface and workflows for group membership management.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Group Page Viewer for the page Viewer for the All Groups Tab Viewer for the Groups I Manage Tab Group View One Page Viewer for the page Viewer for the General Tab Viewer for the Membership Changes Tab Viewer for the Members Grid WORKFLOW ACCESS Add People to Groups Initiator for the workflow Update Person Group Membership Initiator for the workflow Add Accounts to Groups Initiator for the workflow Update Group Account Membership Initiator for the workflow Add Groups to Group Initiator for the workflow Remove Groups from Group Initiator for the workflow Remove Service Principal From Groups Initiator for the workflow Temporary Group Membership Initiator for the workflow
VIS-Person-MyLocations	Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.	Visibility
VIS-Groups-Security-MyLocation	Grants visibility for all Security groups in a person’s locations.	Visibility
VIS-Groups-Distribution-MyLocation	Grants visibility for all Distribution groups in a person’s locations.	Visibility
VIS-Groups-Generic-MyLocation	Grants visibility for all Generic groups in a person’s locations.	Visibility
ACT-Group-Membership-Management-Distribution-MyLocations	Grants people with the role access to manage membership for all distribution groups in person's locations.	Activity
ACT-Group-Membership-Management-Generic-MyLocations	Grants people with the role access to manage membership for all generic groups in person's locations.	Activity
ACT-Group-Membership-Management-Security-MyLocations	Grants people with the role access to manage membership for all security groups in person's locations.	Activity

Expand

title	Roles needed by people to manage the group membership of people and groups belonging to their organizations

Management Role	Access Granted by Management Role	Role Type
UI-Group-Membership-Management	Grants access to user interface and workflows user interface and workflows for group membership management.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Group Page Viewer for the page Viewer for the All Groups Tab Viewer for the Groups I Manage Tab Group View One Page Viewer for the page Viewer for the General Tab Viewer for the Membership Changes Tab Viewer for the Members Grid WORKFLOW ACCESS Add People to Groups Initiator for the workflow Update Person Group Membership Initiator for the workflow Add Accounts to Groups Initiator for the workflow Update Group Account Membership Initiator for the workflow Add Groups to Group Initiator for the workflow Remove Groups from Group Initiator for the workflow Remove Service Principal From Groups Initiator for the workflow Temporary Group Membership Initiator for the workflow
VIS-Person-MyOrg	Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations.	Visibility
VIS-Groups-Security-MyOrg	Grants visibility for all Security groups in a person’s organizations.	Visibility
VIS-Groups-Distribution-MyOrg	Grants visibility for all Distribution groups in a person’s organizations.	Visibility
VIS-Groups-Generic-MyOrg	Grants visibility for all Generic groups in a person’s organizations.	Visibility
ACT-Group-Membership-Management-Security-MyOrganizations	Grants people with the role access to manage membership for all security groups in person's organizations.	Activity
ACT-Group-Membership-Management-Distribution-MyOrganizations	Grants people with the role access to manage membership for all distribution groups in person's organizations.	Activity
ACT-Group-Membership-Management-Generic-MyOrganizations	Grants people with the role access to manage membership for all generic groups in person's organizations.	Activity

Expand

title	Roles needed by people to manage all group memberships

Management Role	Access Granted by Management Role	Role Type
UI-Group-Membership-Management	Grants access to user interface and workflows user interface and workflows for group membership management.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Group Page Viewer for the page Viewer for the All Groups Tab Viewer for the Groups I Manage Tab Group View One Page Viewer for the page Viewer for the General Tab Viewer for the Membership Changes Tab Viewer for the Members Grid WORKFLOW ACCESS Add People to Groups Initiator for the workflow Update Person Group Membership Initiator for the workflow Add Accounts to Groups Initiator for the workflow Update Group Account Membership Initiator for the workflow Add Groups to Group Initiator for the workflow Remove Groups from Group Initiator for the workflow Remove Service Principal From Groups Initiator for the workflow Temporary Group Membership Initiator for the workflow
VIS-Person-All	Grants visibility for all people in the system.	Visibility
VIS-Groups-All	Grants visibility for all groups.	Visibility
ACT-Group-Membership-Management-All-Groups	Grants people with the role access to manage membership for all groups

Expand

title	Additional Group Management Roles that can used with any of the above roles depending on the needed scope

Management Role	Purpose of Management Role	Role Type
VIS-Groups-All-AD	Grants visibility for all AD groups.	Visibility
VIS-Groups-All-AWS	Grants visibility for all AWS groups.	Visibility
VIS-Groups-All-Azure	Grants visibility for all Azure groups in any tenant.	Visibility
VIS-Groups-All-IT-Systems	Grants visibility for all groups. under All IT Systems.	Visibility
VIS-Groups-All-O365	Grants visibility for all Office 365 groups.	Visibility
VIS-Groups-All-SAP	Grants visibility for all SAP Roles and Profiles.	Visibility
ACT-Group-Membership-Management-All-AD-Groups	Grants people with the role access to manage membership for all Active Directory groups.	Activity
ACT-Group-Membership-Management-All-AWS-Groups	Grants people with the role access to manage membership for all AWS groups.	Activity
ACT-Group-Membership-Management-All-IT-Systems	Grants people with the role access to manage group membership for all groups under All IT Systems.	Activity
ACT-Group-Membership-Management-All-O365-Groups	Grants people with the role access to manage membership for all Office 365 groups.	Activity
ACT-Group-Membership-Management-All-SAP-Groups	Grants people with the role access to manage membership for all SAP Roles and Profiles.	Activity

Roles Needed to Create Person Objects

To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):

Expand

title	Roles needed by people to create new people in their locations

Management Role	Access Granted by Management Role	Role Type
UI-Person-Object-Create	Grants access to the user interfaces and workflows to create Person objects.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Edit Person Page Viewer for the page Create Person Simple Page Viewer for the page Create Person Advanced Edit One Page Viewer for the page WORKFLOW ACCESS Create Person Initiator for the workflow
VIS-Person-MyLocations	Grants visibility for all people in a person's locations. Visibility is needed to access the Action links for the opening the Create Person Simple page and the Create Person Advanced Edit One page.	Visibility
VIS-BusinessRole-MyLocations	Grants visibility for Business Roles in a person's locations. This role is required to see qualifying Business Roles in the Business Roles trees. All people must have a Business Role.	Visibility
VIS-Location-MyLocationsAndBelow	Grants visibility for the Person's locations and below. This role is required to see qualifying Locations in the Locations trees. All people must belong to a location.	Visibility
ACT-Business-Role-Assignment-MyLocations	Grants people with the role access to operations for managing assignments of people to business roles in the person's locations and below.	Activity
Additionally, if running the Create Person Advanced workflow and assigning Management Roles to the person, user need the following additional roles:
VIS-Management-Role-MyLocations	Grants visibility for Management Roles belonging to the same locations as the current person. If the Management Roles do not meet this criteria, they are not visible.	Visibility
ACT-Management-Role-Membership-Management-MyLocations	Grants access to manage membership for all Management Roles belonging to the same location as the current person.	Activity

Expand

title	Roles needed by people to create new people in their organizations

Management Role	Access Granted by Management Role	Role Type
UI-Person-Object-Create	Grants access to the user interfaces and workflows to create Person objects.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Edit Person Page Viewer for the page Create Person Simple Page Viewer for the page Create Person Advanced Edit One Page Viewer for the page WORKFLOW ACCESS Create Person Initiator for the workflow
VIS-Person-MyOrg	Grants visibility for people in a person's organizations. Visibility is needed to access the Action links for the opening the Create Person Simple page and the Create Person Advanced Edit One page.	Visibility
VIS-BusinessRole-MyOrg	Grants visibility for Business Roles in a person's organizations. This role is required to see qualifying Business Roles in the Business Roles trees.	Visibility
VIS-Location-All-Business-Locations	Grants visibility for all locations under All Business Locations. This role is required to see qualifying Locations in the Locations trees.	Visibility
VIS-Location-MyLocationsAndAbove	Grants visibility for the Person's locations and above. This role is required to see qualifying Locations in the Locations trees.	Visibility
VIS-Location-MyLocationsAndBelow	Grants visibility for the Person's locations and below. This role is required to see qualifying Locations in the Locations trees.	Visibility
ACT-Business-Role-Assignment-MyOrg	Grants people with the role access to operations for managing assignments of people to business roles in the person's organizations.	Activity
Additionally, if running the Create Person Advanced workflow and assigning Management Roles to the person, user need the following additional roles:
VIS-Management-Role-MyOrg	Grants visibility for Management Roles belonging to the same organizations as the current person.	Visibility
ACT-Management-Role-Membership-Management-MyOrg	Grants access to manage membership for all Management Roles belonging to the same organizations as the current person.	Activity

Expand

title	Roles needed by people to create new people in any location

Management Role	Access Granted by Management Role	Role Type
UI-Person-Object-Create	Grants access to the user interfaces and workflows to create Person objects.	Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS Find Person Page Viewer for the page Viewer for the People Tab View One Person Page Viewer for the page Viewer for the Manage Tab Edit Person Page Viewer for the page Create Person Simple Page Viewer for the page Create Person Advanced Edit One Page Viewer for the page WORKFLOW ACCESS Create Person Initiator for the workflow
VIS-Person-All	Grants visibility for all people in the system. Visibility is needed to access the Action links for the opening the Create Person Simple page and the Create Person Advanced Edit One page.	Visibility
VIS-BusinessRole-All	Grants visibility for all Business Roles. This role is required to see qualifying Business Roles in the Business Roles trees.	Visibility
VIS-Location-All	Grants visibility for all locations in the system. This role is required to see qualifying Locations in the Locations trees.	Visibility
ACT-Business-Role-Assignment-All	Grants people with the role access to operations for managing assignments of people to any business role.	Activity
Additionally, if running the Create Person Advanced workflow and assigning Management Roles to the person, user need the following additional roles:
VIS-Management-Role-All	Grants visibility for all Management Roles.	Visibility
ACT-Management-Role-Membership-Management-All	Grants access to manage membership for all Management Roles.	Activity

Roles Needed to Administer People

To perform administrative actions against people, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):

Expand

title	Roles needed by people to administer people belonging to their locations

Management Role

Access Granted by Management Role

Role Type

UI-Person-Object-Administration

Grants access to the user interfaces and workflows for person object management.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
- Viewer for the Deleted People Tab
- Viewer for the Pending Termination Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Org Chart Accordion
- Viewer for the Actions Accordion
- Viewer for the Advanced Attributes Editable Lists
Edit Person Page
- Viewer for the page
- Viewer for the Photo Edit Control
Edit Person Contextual Page
- Viewer for the page
Create Person Simple Page
- Viewer for the page
Create Person Advanced Edit One Page
- Viewer for the page
Resultant Resource Locations Page
- Viewer for the control
Navbar
- Viewer for the navbar
- Viewer for the Navbar User Sections
- Viewer for the Navbar Support Help Section
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Create Person
- Initiator for the workflow
Person Edit
- Initiator for the workflow
Disable Multiple People WF
- Initiator for the workflow
Enable People
- Initiator for the workflow
Update Person Relationships
- Initiator for the workflow
Reset Password and Email
- Initiator for the workflow
Invite User to Join Organization
- Initiator for the workflow
Person Photo Approval
- Initiator for the workflow
Delete Multiple People with Options
- Initiator for the workflow
Restore Multiple Deleted People
- Initiator for the workflow

VIS-Person-MyLocations

Grants visibility for all people in a person's locations. Visibility is needed to access the Action links for the appropriate workflow and pages related to person management.

Visibility

ACT-Person-Object-Administration-MyLocations

Grants people with the role access to create, update, and delete people belonging to the same locations.

Activity

Expand

title	Roles needed by people to administer people belonging to their organizations

Management Role	Access Granted by Management Role	Role Type
UI-Person-Object-

Create

Administration

Grants access to the user interfaces and workflows

to create Person objects

for person object management.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
- Viewer for the

page

- Deleted People Tab
- Viewer for the

People

- Pending Termination Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab

Edit Person Page

- Viewer for the Org Chart Accordion
- Viewer for the

pageCreate Person Simple Page

- Actions Accordion
- Viewer for the

pageCreate Person Advanced Edit One

- Advanced Attributes Editable Lists
Edit Person Page
- Viewer for the page

WORKFLOW ACCESS

Create Person
- Initiator for the workflow

VIS-Person-MyLocations

Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.

Visibility

VIS-Person-MyOrg

Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations.

Visibility

VIS-Person-MyDirectReports

Grants visibility for all direct reports of the person with the role. The role is needed when responsible for assigning roles to direct reports.

Visibility

VIS-People-All

Grants visibility for all people in the system. The role is needed when responsible for assigning roles to any person in the system.

Visibility

VIS-Management-Role-All

Grants access to the View pages for all people in the system. The role is needed when responsible for assigning roles in any location.

Visibility

ACT-Management-Role-Membership-Management-All

Grants access to manage membership for all management roles.

Activity

ACT-Management-Role-Membership-Management-Azure-License-Manager

Grants access to manage membership for all management roles for the Azure License Manager Application

Activity

ACT-Management-Role-Membership-Management-MyLocations

Grants access to manage membership for management roles in person's locations.

Activity

ACT-Management-Role-Membership-Management-MyOrg

Grants access to manage membership for management roles in person's organization.

Activity

ACT-Management-Role-Membership-Management-Partners

Grants access to manage membership for management roles in or below the Partners location.

Activity

Roles Needed to Administer Person Objects

To perform administrative actions against person objects, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):

- Viewer for the Photo Edit Control
Edit Person Contextual Page
- Viewer for the page
Create Person Simple Page
- Viewer for the page
Create Person Advanced Edit One Page
- Viewer for the page
Resultant Resource Locations Page
- Viewer for the control
Navbar
- Viewer for the navbar
- Viewer for the Navbar User Sections
- Viewer for the Navbar Support Help Section
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Create Person
- Initiator for the workflow
Person Edit
- Initiator for the workflow
Disable Multiple People WF
- Initiator for the workflow
Enable People
- Initiator for the workflow
Update Person Relationships
- Initiator for the workflow
Reset Password and Email
- Initiator for the workflow
Invite User to Join Organization
- Initiator for the workflow
Person Photo Approval
- Initiator for the workflow
Delete Multiple People with Options
- Initiator for the workflow
Restore Multiple Deleted People
- Initiator for the workflow

VIS-Person-MyOrg

Grants visibility for all people in a person's locations. Visibility is needed to access the Action links for the appropriate workflow and pages related to person management.

Visibility

ACT-Person-Object-Administration-MyOrg

Grants people with the role access to create, update, and delete people belonging to the same locations.

Activity

Expand

title	Roles needed by people to administer partners and customers

Management Role

Access Granted by Management Role

Role Type

UI-Person-Object-Administration

Grants access to the user interfaces and workflows for person object management.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
- Viewer for the Deleted People Tab
- Viewer for the Pending Termination Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Org Chart Accordion
- Viewer for the Actions Accordion
- Viewer for the Advanced Attributes Editable Lists
Edit Person Page
- Viewer for the page
- Viewer for the Photo Edit Control
Edit Person Contextual Page
- Viewer for the page
Create Person Simple Page
- Viewer for the page
Create Person Advanced Edit One Page
- Viewer for the page
Resultant Resource Locations Page
- Viewer for the control
Navbar
- Viewer for the navbar
- Viewer for the Navbar User Sections
- Viewer for the Navbar Support Help Section
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Create Person
- Initiator for the workflow
Person Edit
- Initiator for the workflow
Disable Multiple People WF
- Initiator for the workflow
Enable People
- Initiator for the workflow
Update Person Relationships
- Initiator for the workflow
Reset Password and Email
- Initiator for the workflow
Invite User to Join Organization
- Initiator for the workflow
Person Photo Approval
- Initiator for the workflow
Delete Multiple People with Options
- Initiator for the workflow
Restore Multiple

People with Options

Initiator for the workflow

Restore Multiple Deleted People

Initiator for the workflow

VIS-Person-MyLocations

Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.

Visibility

VIS-Person-MyOrg

Grants visibility for people in a person's organizations. The role is needed when responsible for assigning roles to people in the person’s organizations.

Visibility

VIS-Person-MyDirectReports

Grants visibility for all direct reports of the person with the role. The role is needed when responsible for assigning roles to direct reports.

Visibility

VIS-People-All

Grants visibility for all people in the system. The role is needed when responsible for assigning roles to any person in the system.

Visibility

VIS-Management-Role-MyLocations

Grants access to the View pages for Management Roles in a person's locations. The role is needed when responsible for assigning roles that are in the person’s locations.

Visibility

VIS-Management-Role-MyOrg

Grants access to the View pages for people in a person's organizations. The role is needed when responsible for assigning roles that are in the person’s organizations.

Visibility

VIS-Management-Role-All

Grants access to the View pages for all people in the system. The role is needed when responsible for assigning roles in any location.

Visibility

ACT-Management-Role-Membership-Management-All

Grants access to manage membership for all management roles.

Activity

ACT-Management-Role-Membership-Management-Azure-License-Manager

Grants access to manage membership for all management roles for the Azure License Manager Application

Activity

ACT-Management-Role-Membership-Management-MyLocations

Grants access to manage membership for management roles in person's locations.

Activity

ACT-Management-Role-Membership-Management-MyOrg

Grants access to manage membership for management roles in person's organization.

Activity

ACT-Management-Role-Membership-Management-Partners

Grants access to manage membership for management roles in or below the Partners location

Deleted People Initiator for the workflow
VIS-Person-All	Grants visibility for all people. Visibility is needed to access the Action links for the appropriate workflow and pages related to person management.	Visibility
ACT-Person-Object-Administration-Partners	Grants people with the role access to create, update, and delete all people below the Partners location.	Activity
ACT-Person-Object-Administration-Customers	Grants people with the role access to create, update, and delete all people below the Customers location.	Activity

Expand

title	Roles needed by people to administer all people

Management Role

Access Granted by Management Role

Role Type

UI-Person-Object-Administration

Grants access to the user interfaces and workflows for person object management.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

Find Person Page
- Viewer for the page
- Viewer for the People Tab
- Viewer for the Deleted People Tab
- Viewer for the Pending Termination Tab
View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Org Chart Accordion
- Viewer for the Actions Accordion
- Viewer for the Advanced Attributes Editable Lists
Edit Person Page
- Viewer for the page
- Viewer for the Photo Edit Control
Edit Person Contextual Page
- Viewer for the page
Create Person Simple Page
- Viewer for the page
Create Person Advanced Edit One Page
- Viewer for the page
Resultant Resource Locations Page
- Viewer for the control
Navbar
- Viewer for the navbar
- Viewer for the Navbar User Sections
- Viewer for the Navbar Support Help Section
Global Search Box
- Viewer for the search box

WORKFLOW ACCESS

Create Person
- Initiator for the workflow
Person Edit
- Initiator for the workflow
Disable Multiple People WF
- Initiator for the workflow
Enable People
- Initiator for the workflow
Update Person Relationships
- Initiator for the workflow
Reset Password and Email
- Initiator for the workflow
Invite User to Join Organization
- Initiator for the workflow
Person Photo Approval
- Initiator for the workflow
Delete Multiple People with Options
- Initiator for the workflow
Restore Multiple Deleted People
- Initiator for the workflow

VIS-Person-All

Grants visibility for all people. Visibility is needed to access the Action links for the appropriate workflow and pages related to person management.

Visibility

ACT-Person-Object-Administration-All

Grants people with the role access to create, update, and delete all people.

Activity

Div

style	float: left; position: fixed;

Live Search

size	large
labels	2020,admin

IN THIS ARTICLE

Table of Contents

minLevel	2
maxLevel	3
style	none

Insert excerpt

	IL:External Stylesheet
	IL:External Stylesheet
nopanel	true

Page Comparison

Versions Compared

Old Version 6

New Version 7

Key

Roles

needed to view self profile

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles

needed to manage profiles

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles

needed to manage Management Role

assignments

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Manage the Business Role Assignments of People

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles needed to manage Business Role assignments

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Add People to Groups

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Create Person Objects

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles needed to manage group membership

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Create Person Objects

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Administer People

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

Roles Needed to Administer Person Objects

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS

PAGES AND CONTROLS ACCESS

WORKFLOW ACCESS