EmpowerID uses Management Roles to restrict access to the IT Shop and to control which resources are visible in it. To access the IT Shop and request resources, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for the IT Shop is UI-IT-Shop-Full-Access. This role grants full access to the user interfaces and workflows for requesting access to resources as well as for managing resources.
VIS — Management Roles prefixed with VIS grant users the ability to see specific object types in EmpowerID. For users to see resources of a specific type in the IT Shop, they need to have a VIS role for that resource type. An example of this type of role for the IT Shop is VIS-Computer-MyLocations. This role grants access to see computers that belong to the same location as the person with the role.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for resource management in EmpowerID is ACT-Computer-Shared-Credential-Assigner-MyLocations. This role grants users with the role the ability to assign and unassign shared credentials to computers in the person's locations.
Roles needed to Access the IT Shop
To access the IT Shop, users need to have one of the below Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role |
---|---|
UI-IT-Shop-Limited-Access | Grants limited access to the IT Shop workflows and user interface to allow access requests. |
UI-IT-Shop-Full-Access | Grants full access to the IT Shop workflows and user interface to allow access requests and resource management. |
Roles needed to Request Access to Resources in the IT Shop
To shop for resources in the IT Shop, users need to have a combination of the following Management Role assignments (based on the needed scope). Roles needed are grouped by resource type.
Application
VIS-Application-All — Grants users with the role the ability to see all applications and subcomponents
VIS-Applications-MyLocations — Grants users with the role the ability to see applications and their subcomponents in their locations
VIS-Application-MyOrganization — Grants users with the role the ability to see applications and their subcomponents in their organizations
Business Role
VIS-BusinessRole-All — Grants users with the role the ability to see all Business Roles
VIS-BusinessRole-MyLocations — Grants users with the role the ability to see Business Roles in their locations
VIS-BusinessRole-MyOrgs — Grants users with the role the ability to see Business Roles in their organizations
Computer
VIS-Computer-All — Grants users with the role the ability to see all computers
VIS-Computer-MyLocations — Grants users with the role the ability to see computers in their locations
VIS-Computer-MyOrg — Grants users with the role the ability to see computers in their organizations
VIS-Computer-WhereLocalAdmin — Grants users with the role the ability to see computers where they are members of the local admins group
Exchange Mailbox
VIS-Mailbox-All — Grants users with the role the ability to see all mailboxes
VIS-Mailbox-MyLocations — Grants users with the role the ability to see mailboxes in their locations
VIS-Mailbox-MyOrg — Grants users with the role the ability to see mailboxes in their organizations
Group
VIS-Groups-All — Grants users with the role the ability to see all groups
VIS-Groups-All-AD — Grants users with the role the ability to see all AD groups
VIS-Groups-All-AWS — Grants users with the role the ability to see all AWS groups
VIS-Groups-All-IT-Systems — Grants users with the role the ability to see all groups under the All IT Systems location
VIS-Groups-All-O365 — Grants users with the role the ability to see all Office 365 groups
VIS-Groups-All-SAP — Grants users with the role the ability to see all SAP Roles and Profiles
VIS-Groups-Distribution-MyLocation — Grants users with the role the ability to see distribution groups in their locations
VIS-Groups-Distribution-MyOrg — Grants users with the role the ability to see distribution groups in their organizations
VIS-Groups-Generic-MyLocation — Grants users with the role the ability to see generic groups in their locations
VIS-Groups-Generic-MyOrg — Grants users with the role the ability to see generic groups in their organizations
VIS-Groups-Security-MyLocation — Grants users with the role the ability to see security groups in their locations
VIS-Groups-Security-MyOrg — Grants users with the role the ability to see security groups in their organizations
Management Role
VIS-Management-Role-All — Grants users with the role the ability to see all Management Roles
VIS-Management-Role-MyLocation — Grants users with the role the ability to see Management Roles in their locations
VIS-Management-Role-MyOrg — Grants users with the role the ability to see Management Roles in their organizations
Shared Credential
VIS-Shared-Credential-All — Grants users with the role the ability to see all Shared Credentials
VIS-Shared-Credential-MyLocation — Grants users with the role the ability to see Shared Credentials in their locations
VIS-Shared-Credential-MyOrg — Grants users with the role the ability to see Shared Credentials in their organizations
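
One way to review role assignments against the rules on this page, as an added example (not EmpowerID code and not an EmpowerID API): it takes a plain list of Management Role names per user, assumed to have been exported by hand, and reports IT Shop access, the resource types each user can see, and VIS roles with an All scope that deserve a least-privilege review. The user names and assignments are constructed sample data.

```python
import re

# Resource-type segment of each VIS role name, as listed on this page.
VIS_TYPES = {
    "Application": "Application", "Applications": "Application",
    "BusinessRole": "Business Role", "Computer": "Computer",
    "Mailbox": "Exchange Mailbox", "Groups": "Group",
    "Management-Role": "Management Role",
    "Shared-Credential": "Shared Credential",
}
SHOP_UI = {"UI-IT-Shop-Limited-Access", "UI-IT-Shop-Full-Access"}
# Longest segment first so "Applications" is tried before "Application".
VIS_RE = re.compile(
    r"^VIS-(%s)-(.+)$" % "|".join(sorted(VIS_TYPES, key=len, reverse=True)))

def review(roles):
    """Return (can_shop, visible, findings) for one user's role names."""
    can_shop = bool(SHOP_UI & set(roles))
    visible, findings = {}, []
    for role in roles:
        m = VIS_RE.match(role)
        if not m:
            continue  # UI, ACT, or a role this page does not list
        rtype, scope = VIS_TYPES[m.group(1)], m.group(2)
        visible.setdefault(rtype, []).append(scope)
        if scope.startswith("All"):
            findings.append(f"{role}: broad 'All' scope for {rtype} objects")
    if visible and not can_shop:
        findings.append("VIS roles assigned but no UI-IT-Shop role: no IT Shop access")
    if can_shop and not visible:
        findings.append("IT Shop access but no VIS role: no resources visible")
    return can_shop, visible, findings

# Constructed sample assignments (hypothetical users).
SAMPLE = {
    "alice": ["UI-IT-Shop-Limited-Access", "VIS-Computer-MyLocations",
              "VIS-Groups-Security-MyOrg"],
    "bob": ["UI-IT-Shop-Full-Access", "VIS-Shared-Credential-All",
            "VIS-Applications-MyLocations"],
    "carol": ["VIS-Mailbox-MyOrg"],
}

if __name__ == "__main__":
    for user, roles in SAMPLE.items():
        can_shop, visible, findings = review(roles)
        print(user, "| IT Shop:", can_shop, "| sees:", visible)
        for f in findings:
            print("   finding:", f)
```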