EmpowerID restricts access to the IAM Shop through the use of Management Roles. To access the IAM Shop, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed to shop in the IAM Shop
To shop for eligible resources in the IAM Shop, users need to have one or more of the below Management Role assignments (based on the needed scope):
Management Role | Role Type | Description |
---|---|---|
UI-IT-Shop-MS-Application | Feature Set (Ui) | Grants access to shop for access to Applications in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-IT-Shop-MS-Application Role | Feature Set (UI) | Grants access to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Application-Role-Base | Feature Set (UI) | Grants the minimal access needed to shop for Application Roles (Groups) in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Azure-Admin-Role | Feature Set (UI) | Grants access to shop for Azure Admin Directory Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Azure-License | Feature Set (UI) | Grants access to shop for Azure Licenses in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Azure-RBAC-Role | Feature Set (UI) | Grants access to shop for Azure RBAC Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Business-Role | Feature Set (UI) | Grants access to shop for Business Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-IT-Shop-MS-Common | Feature Set (UI) | Grants access for common/shared UI and APIs used by the IAM Shop. The role specifically grants access to the following applications, user interface controls, and web services: |
UI-IT-Shop-MS-Computer | Feature Set (UI) | Grants access to shop for access to servers in the IAM Shop microservice app. . The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-IT-Shop-MS-Full-Access | Feature Set (UI) | Grants access to all Item Types and UI in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services and workflows: |
UI-IT-Shop-MS-Mailbox | Feature Set (UI) | Grants access to shop for access to Office 365 Mailboxes in the IAM Shop microservice app. The role specifically grants access to the following user interface controls and pages and reports: |
UI-IT-Shop-MS-Management-Role | Feature Set (UI) | Grants access to shop for EmpowerID Management Roles in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services, and workflows: |
UI-IT-Shop-MS-Risk | Feature Set (UI) | Grants access to view and interact with Risks in the IAM Shop microservice app. The role specifically grants access to the following user interface controls and web services: |
UI-IT-Shop-MS-Shared-Credential | Feature Set (UI) | Grants access to shop for Shared Credentials in the IAM Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
VIS-IT-Shop-MS-API | Visibility (VIS) | Grants access to the base web services required by all users of the IAM Shop Microservice. The role specifically grants access to the following web services:
|
IAM Shop, My Tasks, and My Identity Self-Service Full Access | Role Bundle – Contains the below Management Roles:
| Grants full access for using the IAM Shop, My Tasks, My Identity microservices. |
Feature Set (UI) |
Feature Set (UI) |
Feature Set (UI) |
Feature Set (UI) |