EmpowerID uses Management Roles to restrict access to the IT Shop and its resources, and to control which resources are visible in it. To access the IT Shop and request resources, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for the IT Shop is UI-IT-Shop-Full-Access. This role grants full access to the user interfaces and workflows for requesting access to resources as well as for managing resources.
VIS — Management Roles prefixed with VIS grant users the ability to see specific object types in EmpowerID. For users to see resources of a specific type in the IT Shop, they need to have a VIS role for that resource type. An example of this type of role for the IT Shop is VIS-Computer-MyLocations. This role grants access to see computers that belong to the same location as the person with the role.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for resource management in EmpowerID is ACT-Computer-Shared-Credential-Assigner-MyLocations. This role grants users with the role the ability to assign and unassign shared credentials to computers in the person's locations.
Roles needed to Access the IT Shop
To access the IT Shop, users need to have one of the below Management Role assignments (based on the needed scope):
| Management Role | Access Granted by Management Role |
|---|---|
| UI-IT-Shop-Limited-Access | Grants limited access to the IT Shop workflows and user interface to allow access requests. |
| UI-IT-Shop-Full-Access | Grants full access to the IT Shop workflows and user interface to allow access requests and resource management. |
Roles needed to Request Access to Resources in the IT Shop
To shop for resources in the IT Shop, users need to have a combination of the following Management Role assignments (based on the needed scope). Roles needed are grouped by resource type.
Application
VIS-Application-All — Grants users with the role the ability to see all applications and subcomponents and request access to those applications
VIS-Applications-MyLocations — Grants users with the role the ability to see applications and their subcomponents in their locations and request access to those applications
VIS-Application-MyOrganization — Grants users with the role the ability to see applications and their subcomponents in their organizations and request access to those applications
Business Role
VIS-BusinessRole-All — Grants users with the role the ability to see all Business Roles and request access to those Business Roles
VIS-BusinessRole-MyLocations — Grants users with the role the ability to see Business Roles in their locations and request access to those Business Roles
VIS-BusinessRole-MyOrgs — Grants users with the role the ability to see Business Roles in their organizations and request access to those Business Roles
Computer
VIS-Computer-All — Grants users with the role the ability to see all computers and request access to those computers
VIS-Computer-MyLocations — Grants users with the role the ability to see computers in their locations and request access to those computers
VIS-Computer-MyOrg — Grants users with the role the ability to see computers in their organizations and request access to those computers
VIS-Computer-WhereLocalAdmin — Grants users with the role the ability to see computers where they are members of the local admins group
Exchange Mailbox
VIS-Mailbox-All — Grants users with the role the ability to see all mailboxes and request access to those mailboxes
VIS-Mailbox-MyLocations — Grants users with the role the ability to see mailboxes in their locations and request access to those mailboxes
VIS-Mailbox-MyOrg — Grants users with the role the ability to see mailboxes in their organizations and request access to those mailboxes
Group
VIS-Groups-All — Grants users with the role the ability to see all groups and request access to those groups
VIS-Groups-All-AD — Grants users with the role the ability to see all AD groups and request access to those groups
VIS-Groups-All-AWS — Grants users with the role the ability to see all AWS groups and request access to those groups
VIS-Groups-All-IT-Systems — Grants users with the role the ability to see all groups under the All IT Systems location and request access to those groups
VIS-Groups-All-O365 — Grants users with the role the ability to see all Office 365 groups and request access to those groups
VIS-Groups-All-SAP — Grants users with the role the ability to see all SAP Roles and Profiles and request access to those roles and profiles
VIS-Groups-Distribution-MyLocation — Grants users with the role the ability to see distribution groups in their locations and request access to those groups
VIS-Groups-Distribution-MyOrg — Grants users with the role the ability to see distribution groups in their organizations and request access to those groups
VIS-Groups-Generic-MyLocation — Grants users with the role the ability to see generic groups in their locations and request access to those groups
VIS-Groups-Generic-MyOrg — Grants users with the role the ability to see generic groups in their organizations and request access to those groups
VIS-Groups-Security-MyLocation — Grants users with the role the ability to see security groups in their locations and request access to those groups
VIS-Groups-Security-MyOrg — Grants users with the role the ability to see security groups in their organizations and request access to those groups
Management Role
VIS-Management-Role-All — Grants users with the role the ability to see all Management Roles and request access to those roles
VIS-Management-Role-MyLocation — Grants users with the role the ability to see Management Roles in their locations and request access to those roles
VIS-Management-Role-MyOrg — Grants users with the role the ability to see Management Roles in their organizations and request access to those roles
Shared Credential
VIS-Shared-Credential-All — Grants users with the role the ability to see all Shared Credentials and request access to those credentials
VIS-Shared-Credential-MyLocation — Grants users with the role the ability to see Shared Credentials in their locations and request access to those credentials
VIS-Shared-Credential-MyOrg — Grants users with the role the ability to see Shared Credentials in their organizations and request access to those credentials