The EmpowerID RBAC/ABAC model, which is resource-centric, not role-centric, allows organizations to focus on what they are protecting — resources and the actions that can be performed against those resources. In EmpowerID, these "resource actions" are blocks of code known as "EmpowerID Operations." Each EmpowerID Operation is a protected code object that when executed, performs a specific action against a specific resource object, such as adding a user to a group, creating a mailbox, or viewing a report. In order to perform resource actions, users must have the operations that allow them to do so. In order to facilitate this, EmpowerID bundles operations—as well as native system rights, where applicable—into Access Levels, which are then grouped together into Management Roles. You can think of Management Roles as collections of operational capabilities packaged together as job-based bundles for quick and easy bulk assignments of resources to users based on what they do in your organization. These assignments can be fine-tuned by user attributes, such as the time of day, IP addresses, device used, and more. | 