To add an account to business roles and locations using a PBAC membership policy, follow these steps:
Add a PBAC attribute to an account – A PBAC field type, or attribute, is a connector used to connect an EmpowerID actor, such as an account, to a PBAC membership policy target, such as a business role and location.
Create a PBAC membership policy for a business role and location – A PBAC membership policy must be created so that it can be used for a target type (e.g., a business role and location).
Add the same PBAC attribute to the policy – The PBAC field type or attribute must be added to the PBAC membership policy to connect it to an EmpowerID actor.
Wait for policy compilation and verify the result – Once the policy is compiled, the person corresponding to the account will be added to the business role and location.
Add a PBAC field Type or Attribute to an Account
On the navbar, expand Identity Administration and select User Accounts.
Search for the account to which you want to add a PBAC field type.
Click on the account’s logon name link to open the view-one page for the account.
Click on PBAC attribute assignments in the left menu, then click on the + icon to add a PBAC attribute. Select the Attribute Only radio button, search for the name of the attribute and select the two check boxes for the attribute's values (sales and IT). Click Save.
This adds the attribute to the account.
Create a PBAC membership policy for a Business Role and Location
PBAC membership policies can be created on the view-one page of the business role and location that is the target of the policy. The following example demonstrates how to create a policy from that page.
On the navbar, expand Role Management and select Business Role and Location.
Select the tab Allowed Combinations.
Select a business role and location name.
Click on the business role and location Name hyperlink to open the management role’s view-one page. Select the Advanced tab and scroll down to select Attribute-Based Membership Policies.
Click on the + icon to create a new membership policy for this business role and location. On the page that opens, enter the name of the policy and select a policy type. Check the IsEnable check box. Select the minute interval (say 15 min) and click on Save.
This will create the PBAC membership policy and queue it for compilation.
Add a PBAC Attribute to a PBAC Membership Policy
You can add a PBAC attribute to an existing PBAC membership policy. Click on the Name link of the PBAC Membership policy you want to add an attribute to. This will open the view-one page of this PBAC membership policy. Select the Attribute Conditions (Field Types) link.
Click on the + icon to add to this policy the attribute that you added to the person earlier. Search for the name of the PBAC membership policy and select it. Select the check boxes for the two values (sales and IT). Select the checkbox If matches all values. Click Save.
The attribute is now added to the PBAC membership policy type.
Verify the Result
After the PBAC membership policy is compiled, it will add the person corresponding to the account to the business role and location. This can be checked on the view-one page of the business role and location (for which the policy was created). Select the All People in business role and location link. The person corresponding to the account (to which the PBAC attribute was added) is now a member of this business role and location.
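
To review who a policy would add before relying on the compiled result, the matching described in the steps above can be modelled offline. The following is an added example, not EmpowerID code and not part of the original page: it is a simplified model in which the attribute name "Department", the account data and all function names are constructed, and in which the behaviour with If matches all values unchecked (any one value is enough) and the handling of a policy without conditions are assumptions.

```python
# Added illustration: a simplified model of PBAC membership evaluation,
# not EmpowerID code. All names and sample data are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    logon_name: str
    person: str          # person the account belongs to
    attributes: dict     # PBAC attribute name -> set of assigned values


@dataclass(frozen=True)
class Condition:
    attribute: str
    values: frozenset
    match_all: bool = True   # models the "If matches all values" checkbox


def satisfies(account: Account, cond: Condition) -> bool:
    held = account.attributes.get(cond.attribute, set())
    if cond.match_all:
        return cond.values <= held   # every policy value must be on the account
    # Assumption: with the box unchecked, one shared value is enough.
    return bool(cond.values & held)


def preview_members(accounts, conditions):
    """Persons whose account meets every condition of the policy."""
    if not conditions:
        return []   # assumption of this model: no conditions, no members
    return sorted({a.person for a in accounts
                   if all(satisfies(a, c) for c in conditions)})


# Constructed sample data; "Department" is a hypothetical attribute name.
ACCOUNTS = [
    Account("jdoe", "Jane Doe", {"Department": {"sales", "IT"}}),
    Account("bsmith", "Bob Smith", {"Department": {"sales"}}),
    Account("svc-backup", "Backup Service", {}),
]
POLICY_ALL = [Condition("Department", frozenset({"sales", "IT"}), match_all=True)]
POLICY_ANY = [Condition("Department", frozenset({"sales", "IT"}), match_all=False)]

if __name__ == "__main__":
    print("match all:", preview_members(ACCOUNTS, POLICY_ALL))
    print("match any:", preview_members(ACCOUNTS, POLICY_ANY))
```

Comparing the preview with the All People in business role and location list after compilation shows whether the policy grants membership to more accounts than intended.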