Home /Identity Administration/ Access Assignments / Current: Granting Access using Target RBAC Containers
Target RBAC Containers allow you to grant users access to resources without requiring you to know the location of those resources. This is useful when delegating access to resources scattered across an enterprise. When you make this type of access assignment, you scope the assignment to all resources of a specific type within the Target RBAC Container. EmpowerID includes a number of Target RBAC Containers, with each container targeting a specific resource type. To view information about these types, expand the below drop-down.
Scopes the Access Level assignment to all people who are members of the target or selected Management Role, giving the actor receiving the assignment the ability to perform the operations of the Access Level against those people. An example would be assigning the Administrator Access Level for the Self-Service User Limited Access Management Role to the Enterprise IT Administrator Management Role. In the example, Person is the resource type, the people who are members of the Self-Service User Limited Access Management Role are the resources, and the Enterprise IT Administrator Management Role is the actor. With this type of Access Level assignment, any person with the Enterprise IT Administrator Management Role can perform Administrator operations against any person with the Self-Service User Limited Access Management Role. |
Scopes the Access Level assignment to all user accounts or EmpowerID Persons who are members of the target or selected group, giving the actor receiving the assignment the ability to perform the operations of the Access Level against those user accounts or people. An example would be assigning the Password Manager Access Level for all user accounts in the BK-2107 group to an EmpowerID Person named "John Abreu." In this example, user account is the resource type, the user accounts belonging to the group are the resources, and the EmpoweID Person John Abreu is the actor. With this type of Access Level assignment, John Abreu can perform Password Manager operations against any of the user accounts in the BK-2107 group. |
Scopes the Access Level assignment to all resources that belong to the target or selected Query-Based Collection, giving the actor receiving the assignment the ability to perform the operations of the Access Level against those resources. An example would be assigning the Administrator Access Level for all user accounts in the AD Accounts Never Logged In Query-Based Collection to the Enterprise IT Administrator Management Role. In this example, user account is the resource type, the user accounts in the Query-Based Collection are the resources, and the Enterprise IT Administrator Management Role is the actor. With this type of Access level assignment, any person with the Enterprise IT Administrator Management Role can perform Administrator operations against any of the user accounts belonging to the Query-Based Collection. |
This topic demonstrates how to use Target RBAC Containers for access assignments by assigning a specific level of access against all people who are members of a target Management Role to another Management Role (the actor). In this way, anyone belonging to the "acting" Management Role can perform the operations associated with the access level against all people belonging to the target Management Role.
Once the workflow processes the request, if no approval is needed, you should see the assignment(s) in the grid.
|