Skip to end of banner
Go to start of banner

Creating App Rights

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Application rights, or app rights, specify the actions that users or groups can perform within an application. These rights dictate what users can create, read, update, or delete based on their roles or attributes. For example, in a commerce application, app rights can determine who has the authority to update the product catalog, view customer information, and access sales data. Such permissions enable users to complete tasks efficiently while safeguarding the application's data and resources from unauthorized access or manipulation. This article provides step-by-step directions for adding these rights to PBAC applications.

Procedure

  1. Sign in to Resource Admin as at least an Application RBAC Owner.

  2. Under Applications, search for the PBAC application to which you intend to add App Rights and click the Details button for the app record.

    image-20240617-205636.png

     

    This action directs you to the Overview page for the application.

    image-20240617-205830.png

     

  3. Expand the PBAC Definitions menu item, select App Rights, and click Create App Right.

    image-20240617-210000.png


    This action initiates the “Onboard Az Local Right” wizard workflow.

    image-20240424-155937.png

  4. Follow the wizard and fill in the fields of each workflow section with the appropriate information for your application.

For now, leave the Advanced section of the App Right Information empty as it pertains to PBAC approval routing. We will revisit this section when setting up PBAC Approval routing.

Field

Description

Action

Name

Name of the app right

Enter the name of the app right.

Display Name

User friendly name of the app right

Enter a display name for the app right.

Description

Brief characterization of the app right

Enter a brief characterization of the app right.

Right Type

Application Right

N/A (The field is read-only with Application Right is selected by default)

Location

EmpowerID location to be used for RBAC access to the app right. Default Organization is selected by default.

If you wish to select a location other than the default, clear the default location and search for and select the desired location.

PBAC Resource Type

That is an optional setting that specifies the resource type to which the app corresponds.

Select the corresponding PBAC Resource Type. Options available include only those previously created for the application. If the app does not have any PBAC Resource Types, this field returns no results.

When onboarding an App Right, it's essential to specify the individuals responsible for its management and oversight. This includes designating the responsible party, owners, and deputies.

Field

Description

Action

Responsible Party

Identifies the primary individual accountable for the App Right.

Type in the full name of the person who will take responsibility for managing the App Right. This field is mandatory.

Owners

Lists the people who have ownership rights over the App Right.

Enter the names of the individuals designated as owners. Providing owner information is optional but recommended for better governance.

Deputies

Specifies secondary contacts or assistants to the owners.

Input the names of individuals assigned as deputies. Including deputy information is optional.

When making an application requestable in the IAM Shop, it is crucial to configure several settings that dictate how requests are handled and who can access them.

Field

Description

Action

Set Requestable Setting

Determine if the app right should be requestable by users in the IAM Shop.

Enable the "Requestable in IAM Shop" to make the app right available for requests. When enabled, the settings below are relevant.

Select Access Request Policy

Defines the procedure for processing requests for the App Right.

From the "Select Access Request Policy" dropdown, choose the policy that best fits how you wish to handle incoming requests for the app right. If you are using PBAC approval routing, you should select the PBAC Approval Access Request Policy.

Eligible to Request

Specifies users allowed to request access to the app right.

Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles eligible to make requests.

Pre-approved for Access

Specifies users who are pre-approved for access to the app right, bypassing the need for manual request approval.

Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles pre-approved for the app right.

Suggested Assignees

Identifies users who will see the app right as a suggested resource.

Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles suggested for app right eligibility.

  1. Review the summary information for accuracy. If you need to make changes, click the Back button to revisit previous workflow steps.

    image-20240208-143916.png

  2. When ready, click Submit to create the App Right.

  3. Repeat the procedure to add additional App Rights to the application as needed.

Expected Results

You should see the app right has been added to the application.

image-20240208-145454.png

  • No labels