Navigating the IT Shop
When users log in to the IT Shop, they can see the pages and controls to which their roles grant them access. (See IT Shop Management Roles for access granted.) In the below image, the logged in user has full access to the IT Shop and can see all pages and controls.
Figure 1: IT Shop User Interface
From the IT Shop users can shop for roles or other published resources and submit Business Requests for those objects.
The IT Shop application includes the following controls. Depending on there access to the IT Shop, not all users will see all controls.
Navigation Sidebar — Allows users to seamlessly navigate from the IT Shop to other EmpowerID applications
Filter pane — The Filter pane provides filters to allow users to selectively filter the resources they see. Each filter options builds on previously selected filters.
Resource Type — Filter available resource by resource type. When selecting a specific resource type, the filters change according to that type.
Shopping For — Shop for yourself or another person
Business Domains — Filter available Business Roles by Business Domain. This filter appears only when the Business Roles resource type is selected.
Suggest Application Roles — Shows Application Roles suggested to the user when that user is eligible for those roles. This filter appears only when the Application Roles resource type is selected.
Target System — Filters available Application Roles based on the selected Account Store Type and / or Account Store.
Select Account Store Type allows users to filter Application Roles to display only those roles belonging to Account Stores configured with the selected Account Store Type. Account Store Type is a configurable setting that can be used to logically categorize Account Stores.
Select Account Store allows users to filter Application Roles to display only those roles belonging to the selected Account Store. To be a filter option, Account Stores must have the IsPublishedInITShop property set to true. The filter is used in conjunction with the selected Account Store Type filter to display to users only the Application Roles belonging to the selected account store. Application Roles from other account stores are excluded.
Application Processes — Filter available Application Roles based on the selected process. This filter appears only when the Application Roles resource type is selected.
TCode Search — Filter available Business and Application Roles by TCode. EmpowerID inventories SAP TCodes, SAP Authorization Objects, and its field type values as rights in EmpowerID.
Shop By Reference Person — Allows you to filter available resources to those given to another person. This is useful for quickly requesting access to the same resources of the referenced person when that person has the same job function as the person shopping for resources. Shopping is based on eligibility and visibility of reference person.
Advanced Search — Filter available roles by Friendly Name, Technical Name, By Owner, Classification, and Description.
Resource Panel — Provides a grid or card view of the roles for which the user can request. Each record can be clicked to open a pane that contains an Overview of the request and a Process Steps view from which users can see how far along in the approval process the request is. Users can view and add comments here as well.
Shopping Cart — The shopping cart contains roles the user has requested but not yet submitted. Users shopping for both themselves and others will see two shopping carts. One containing items for themselves and the other containing items requested for others.
Manage Access — The Manage Access page provides users with views of their current access. (Users with the appropriate delegations can view the access that others have as well as their own access.) Users can access this page by clicking their name and selecting Manage Access.
The page contains the following elements:Navigation Sidebar — Allows users to seamlessly navigate from the IT Shop to other EmpowerID applications.
Filter pane — The Filter pane provides filters to allow users to selectively filter resources by type.
Search Bar and Filter — Allows users to search their roles by selected type (or those of another Target Person) within the Manage Access page.
Target Person — Control that allows users to select the person for whom they want to view their current access.
Show Time Constrained — Control that allows users to filter access to those limited by time constraints.
Select Account Store Type — Control that allows users to filter Application Roles to display only those roles belonging to Account Stores configured with the selected Account Store Type.
Select Account Store — Control allows users to filter Application Roles to display only those roles belonging to the selected Account Store. To be a filter option, Account Stores must have the IsPublishedInITShop property set to true.
Resource Panel — Provides a grid or card view of the roles the user (or another Target Person) currently has. Each record has a Details button that opens a pane that contains an Overview of the role, with information about the types of access granted by the role as well as who owns the role. In addition to the Details button, there is a Revoke button on each that is visible to users with the authorization to revoke access to roles.
Pending Access — Control that directs users to the My Requests view of the My Tasks microservice.
Shopping for resources
Users access the IT Shop to request available resources. This requesting action is known as creating or submiting a “Business Request.” Once a Business Request is submitted, EmpowerID routes it for approval based on the Approval Flow policies configured for that request. (See My Tasks for more information about Approval Flow in EmpowerID.) The following demonstrates a typical IT Shop user experience.
The user accesses the IT Shop and filters the available resources to those for which that user is shopping.
The user request access to a particular resource, which opens an Overview panel for the role. This panel provides more information about the resource, including who is an approver for the request
Users then click Add to Cart to add the requested role to their cart.
Once a role is added to the cart, users can click the cart icon when ready to submit their request.
This opens the cart, from which users can add a comment to the request, view the approver of the request based on the Approval Flow policy and enter a Business Request name for their request. Business Requests provide for grouping together multiple cart items into one coherent request. This allows approvers to know what the person’s request if for. For example, if a user is submitted a request to grant roles to user when onboarding that user, the Business Request name could be “Onboarding New Employee Steve Rogers.” By default, the approver is the role receiver’s line manager. If the role receiver does not have a line manager, the cart displays that information.
Users with authorization to manually delegate approval tasks to another can do so by clicking the Change Approver button and selecting another person with the ability to approve the request. This button is secured by the Reassign Cart Approver Control protected application subcomponent and is only available to users with access to the control.When ready to submit the request, the user does the following:
Selects the Business Request Type. For the IT Shop, this should be the IT Shop Business Request Type.
Enters a Business Request Name.
Optionally adds a comment.
Clicks Submit.
Once successfully submitted, a window appears stating that the cart was successfully submitted with a link to track the status of the request.
Clicking the link directs the user’s browser to the My Request page of the My Tasks application with the Overview card for the request open. The card allows the user to view details about the request and the number of approvals needed for the request to be granted.
Manage Access Page
The Manage Access page provides users with a view of their current access, filtered by role type. When users navigate to the page, the default view they see is a grid view with records of their current Business Roles. Each record includes a Details button that users can click to open an Overview pane containing more information about the role, including who owns the role and the access granted to the user by the role. The below image shows the default view of the Manage Access page for a user with one Business Role.
Figure 2: Manage Access Page of the IT Shop
What can users do on this page?
Users can search for a specific role and type by using the search bar and filter located at the top of the page.
Users can view all roles to which they have access by selecting the filter for that role type.
Users can view the details about a particular role they have by clicking the Details button for the role.
Users with the authority to revoke access to a role can do so by clicking the Revoke button for the role.
Users can view all roles to which another person has access by selecting that person as the Target Person. Users must have access to view the person and the person’s roles to do so.
Users can view any roles they have that are limited to specific dates and times by toggling the Show Time Constrained button.
Users can view pending requests by clicking the View Pending Access button. Clicking the button directs the user’s browser to the My Requests View of the My Tasks application.