You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

IT Shop Management Roles

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

/EmpowerID restricts access to the IT Shop and the resources and the visibility of resources in it through the use of Management Roles. To access the IT Shop and request resources, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for the IT Shop is UI-IT-Shop-Full-Access. This role grants full access to the user interfaces and workflows for requesting access to resources as well as for managing resources.

  • VIS — Management Roles prefixed with VIS grant users the ability to see specific object types in EmpowerID. For users to see resources of a specific type in the IT Shop they need to have a VIS role for that resource type. An example of this type of role for the IT Shop is VIS-Computer-MyLocations. This role grants access to see computers that belong to same location as the person with the role.

  • ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An  example of this type of role for resource management in EmpowerID is ACT-Computer-Shared-Credential-Assigner-MyLocations. This role grants users with the role the ability to assign and unassign shared credentials to computers in the person's locations.

Roles needed to Access the IT Shop

To access the IT Shop, users need to have one of the below Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

UI-IT-Shop-Limited-Access

Grants limited access to the IT Shop workflows and user interface to allow access requests.

UI-IT-Shop-Full-Access

Grants full access to the IT Shop workflows and user interface to allow access requests and resource management.

Roles needed to Request Access to Resources in the IT Shop

To shop for resources in the IT Shop, users need to have a combination of the following Management Role assignments (based on the needed scope). Roles needed are grouped by resource type.

 Application

  • VIS-Application-All — Grants users with the role the ability to see all applications and subcomponents

  • VIS-Applications-MyLocations — Grants users with the role the ability to see applications and their subcomponents in their locations

  • VIS-Application-MyOrganization — Grants users with the role the ability to see applications and their subcomponents in their organizations

 Business Role

  • VIS-BusinessRole-All — Grants users with the role the ability to see all Business Roles

  • VIS-BusinessRole-MyLocations — Grants users with the role the ability to see Business Roles in their locations

  • VIS-BusinessRole-MyOrgs — Grants users with the role the ability to see Business Roles in their organizations

 Computer

  • VIS-Computer-All — Grants users with the role the ability to see all computers

  • VIS-Computer-MyLocations — Grants users with the role the ability to see computers in their locations

  • VIS-Computer-MyOrg — Grants users with the role the ability to see computers in their organizations

  • VIS-Computer-WhereLocalAdmin — Grants users with the role the ability to see computers where they are members of the local admins group

 Exchange Mailbox

  • VIS-Mailbox-All — Grants users with the role the ability to see all mailboxes

  • VIS-Mailbox-MyLocations — Grants users with the role the ability to see mailboxes in their locations

  • VIS-Mailbox-MyOrg — Grants users with the role the ability to see mailboxes in their organizations

 Group

  • VIS-Groups-All — Grants users with the role the ability to see all groups

  • VIS-Groups-All-AD— Grants users with the role the ability to see all AD groups

  • VIS-Groups-All-AWS — Grants users with the role the ability to see all AWS groups

  • VIS-Groups-All-IT-Systems — Grants users with the role the ability to see all groups under the All IT Systems location

  • VIS-Groups-All-O365 — Grants users with the role the ability to see all Office 365 groups

  • VIS-Groups-All-SAP — Grants users with the role the ability to see all SAP Roles and Profiles

  • VIS-Groups-Distribution-MyLocation — Grants users with the role the ability to see distribution groups in their locations

  • VIS-Groups-Distribution-MyOrg — Grants users with the role the ability to see distribution groups in their organizations

  • VIS-Groups-Generic-MyLocation — Grants users with the role the ability to see generic groups in their locations

  • VIS-Groups-Generic-MyOrg — Grants users with the role the ability to see generic groups in their organizations

  • VIS-Groups-Security-MyLocation — Grants users with the role the ability to see security groups in their locations

  • VIS-Groups-Security-MyOrg — Grants users with the role the ability to see security groups in their organizations

 Management Role

  • VIS-Management-Role-All — Grants users with the role the ability to see all Management Roles

  • VIS-Management-Role-MyLocation — Grants users with the role the ability to see Management Roles in their locations

  • VIS-Management-Role-MyOrg — Grants users with the role the ability to see Management Roles in their organizations

 Shared Credential

  • VIS-Shared-Credential-All — Grants users with the role the ability to see all Shared Credentials

  • VIS-Shared-Credential-MyLocation — Grants users with the role the ability to see Shared Credentials in their locations

  • VIS-Shared-Credential-MyOrg — Grants users with the role the ability to see Shared Credentials in their organizations

  • No labels