EmpowerID ships with the following default Management Roles. Click any Management Role to see a tabular description.


Users with this Management Role can perform any action in EmpowerID.


\\



The Assignment Type is Scoped at Location, and except where noted otherwise, the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
Access RequestAssignment to any Access Request scoped at EmpowerID System.
Access RequestAssignment to any Access Request scoped at Anywhere.
AlertAssignment to any Alert scoped at EmpowerID System.
AlertAssignment to any Alert scoped at Anywhere.
ApplicationAssignment to any Application scoped at EmpowerID System.
ApplicationAssignment to any Application scoped at Anywhere.
Approval Routing GroupAssignment to any Approval Routing Group scoped at EmpowerID System.
Asset RequestAssignment to any Asset Request scoped at EmpowerID System.
Asset RequestAssignment to any Asset Request scoped at Anywhere.
AuditAssignment to any Audit scoped at EmpowerID System.
AuditAssignment to any Audit scoped at Anywhere.
Business RoleAssignment to any Business Role scoped at Anywhere.
Business RoleAssignment to any Business Role scoped at EmpowerID System.
ComputerAssignment to any Computer scoped at Anywhere.
Control (User Interface)Assignment to any Control (User Interface) scoped at EmpowerID System.
Control (User Interface)Assignment to any Control (User Interface) scoped at Anywhere.
EmpowerID SystemAssignment to any EmpowerID System as Administrator scoped at EmpowerID System.
EmpowerID SystemAssignment to any EmpowerID System scoped at EmpowerID System.
Exchange ContactAssignment to any Exchange Contact scoped at Anywhere.
Exchange MailboxAssignment to any Exchange Mailbox scoped at Anywhere.
Exchange Public FolderAssignment to any Exchange Public Folder scoped at Anywhere.
External CredentialAssignment to any External Credential scoped at EmpowerID System.
Folder (Shared)Assignment to any Folder (Shared) scoped at Anywhere.
Generic AssetAssignment to any Generic Asset scoped at Anywhere.
Generic AssetAssignment to any Generic Asset scoped at EmpowerID System.
Generic Asset (AD Protected)Assignment to any Generic Asset (AD Protected) scoped at Anywhere.
Group (Distribution)Assignment to any Group (Distribution) scoped at Anywhere.
Group (Generic)Assignment to any Group (Generic) scoped at Anywhere.
Group (Security)Assignment to any Group (Security) scoped at Anywhere.
LocationAssignment to any Location scoped at EmpowerID System.
LocationAssignment to any Location scoped at Anywhere.
Lync UserAssignment to any Lync User scoped at Anywhere.
Management RoleAssignment to any Management Role scoped at EmpowerID System.
Management RoleAssignment to any Management Role scoped at Anywhere.
Management Role DefinitionAssignment to any Management Role Definition scoped at EmpowerID System.
Management Role DefinitionAssignment to any Management Role Definition scoped at Anywhere.
OrganizationAssignment to any Organization scoped at Anywhere.
OrganizationAssignment to any Organization scoped at EmpowerID System.
Pages and ReportsAssignment to any Pages and Reports scoped at EmpowerID System.
PersonAssignment to any Person scoped at Anywhere.
PersonAssignment to any Person scoped at EmpowerID System.
Printer (Shared)Assignment to any Person scoped at Anywhere.
Query-Based Collection (SetGroup)Assignment to any Query-Based Collection (SetGroup) scoped at Anywhere.
Query-Based Collection (SetGroup)Assignment to any Query-Based Collection (SetGroup) scoped at EmpowerID System.
Separation Of Duties PolicyAssignment to any Separation Of Duties Policy scoped at EmpowerID System.
Separation Of Duties PolicyAssignment to any Separation Of Duties Policy scoped at Anywhere.
SharePoint GroupAssignment to any SharePoint Group scoped at Anywhere.
SharePoint Web SiteAssignment to any SharePoint Web Site scoped at Anywhere.
SSO ApplicationAssignment to any SSO Application scoped at Anywhere.
SSO ApplicationAssignment to any SSO Application scoped at EmpowerID System.
SSO Application DefinitionAssignment to any SSO Application Definition scoped at Anywhere.
SSO Application DefinitionAssignment to any SSO Application Definition scoped at EmpowerID System.
SSO OAuth ConnectionAssignment to any SSO OAuth Connection scoped at EmpowerID System.
SSO OAuth ConnectionAssignment to any SSO OAuth Connection scoped at Anywhere.
SSO SAML ConnectionAssignment to any SSO SAML Connection scoped at Anywhere.
SSO SAML ConnectionAssignment to any SSO SAML Connection scoped at EmpowerID System.
SSO WS-Federation ConnectionAssignment to any SSO WS-Federation Connection scoped at EmpowerID System.
SSO WS-Federation ConnectionAssignment to any SSO WS-Federation Connection scoped at Anywhere.
User AccountAssignment to any User Account scoped at Anywhere.
User AccountAssignment to any User Account scoped at EmpowerID System.
Web ServiceAssignment to any Web Service scoped at Anywhere.
Web ServiceAssignment to any Web Service scoped at EmpowerID System.
WorkflowAssignment to any Workflow scoped at EmpowerID System.
WorkflowAssignment to any Workflow scoped at Anywhere.






Users with this Management Role have full access to the audit workflows and user interfaces that allow users to review their audit tasks.

The Assignment Type for each resource is Direct.

\\



In this table, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Auditor Compliance DashboardDirect assignment to Auditor Compliance Dashboard as Viewer.
Auditor Compliance Dashboard To DoDirect assignment to Auditor Compliance Dashboard To Do as Viewer.
Auditor Compliance Dashboard DoneDirect assignment to Auditor Compliance Dashboard Done as Viewer.
Auditor Compliance Dashboard Open ViolationsDirect assignment to Auditor Compliance Dashboard Open Violations as Viewer.
Auditor Compliance Dashboard Closed ViolationsDirect assignment to Auditor Compliance Dashboard Closed Violations as Viewer.
User Compliance DashboardDirect assignment to User Compliance Dashboard as Viewer.
User Compliance Dashboard To DoDirect assignment to User Compliance Dashboard To Do as Viewer.
User Compliance Dashboard DoneDirect assignment to User Compliance Dashboard Done as Viewer.



\\



In this table, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
SubmitSingleAttestationResponseDirect assignment to SubmitSingleAttestationResponse as Initiator.
SubmitSingleSodViolationResponseDirect assignment to SubmitSingleSodViolationResponse as Initiator.
ProcessAttestationDecisionDirect assignment to ProcessAttestationDecision as Initiator.
AddResourceAttestationCommentDirect assignment to AddResourceAttestationComment as Initiator.
ClaimResourceAttestationDirect assignment to ClaimResourceAttestation as Initiator.
RemoveResourceAttestationDelegateDirect assignment to RemoveResourceAttestationDelegate as Initiator.
UnclaimResourceAttestationDirect assignment to UnclaimResourceAttestation as Initiator.
SetResourceAttestationDelegateDirect assignment to SetResourceAttestationDelegate as Initiator.
AttestationRevokeGroupMembershipDirect assignment to AttestationRevokeGroupMembership as Initiator.





Users with this Management Role have limited access to the audit workflows and user interfaces that allow users to review their audit tasks.

The Assignment Type for each resource is Direct.

\\



In this table, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
User Compliance Dashboard To DoDirect assignment to User Compliance Dashboard To Do as Viewer.
User Compliance Dashboard DoneDirect assignment to the User Compliance Dashboard Done as Viewer.



\\



In this table, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
SubmitSingleAttestationResponseDirect assignment to the SubmitSingleAttestationResponse workflow as Initiator.
SubmitSingleSodViolationResponseDirect assignment to the SubmitSingleSodViolationResponse workflow as Initiator.
ProcessAttestationDecisionDirect assignment to the ProcessAttestationDecision workflow as Initiator.
AddResourceAttestationCommentDirect assignment to the AddResourceAttestationComment workflow as Initiator.
AttestationRevokeGroupMembershipDirect assignment to the AttestationRevokeGroupMembership workflow as Initiator.





Users with this Management Role can view and connect to computers, create computers, vault credentials and link to computers.

The Assignment Type for each resource is Direct.

\\



In this table, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Shared Credentials TabDirect Assignment to the Shared Credentials tab as Viewer.
Find Computer Page Computer TabDirect Assignment to the Computer tab on the Find Computer page as Viewer.
Find Computer Page Local Accounts TabDirect Assignment to the Local Accounts tab on the Find Computer page as Viewer.
Find Computer Page Local Groups TabDirect Assignment to the Local Groups tab on the Find Computer page as Viewer.
Find Computer Page Local Services TabDirect Assignment to the Local Services tab on the Find Computer page as Viewer.
Find Computer Page App Pools TabDirect Assignment to the App Pools tab on the Find Computer page as Viewer.
IT Shop My Resources My Computers TabDirect Assignment to the My Computers tab on the My Resources page of the IT Shop as Viewer.
My Computer Credentials TabDirect Assignment to the My Computer Credentials tab on the Find Computer page as Viewer.
All Computer Credentials TabDirect Assignment to the All Computer Credentials tab on the Find Computer page as Viewer.
Computer Credentials Check-Outs TabDirect Assignment to the Credential Check Outs tab on the Find Computer page as Viewer.
Shared Credential Dashboard TabDirect Assignment to the Shared Credential Dashboard tab on the Find Shared Credential page as Viewer.
My Shared Credentials TabDirect Assignment to the My Shared Credentials tab on the Find Shared Credential page as Viewer.
All Shared Credentials TabDirect Assignment to the All Shared Credentials tab on the Find Shared Credential page as Viewer.
Shared Credentials Check-Outs TabDirect Assignment to the Credential Check Outs tab on the Find Shared Credential page as Viewer.
Credentials I Manage TabDirect Assignment to the Credentials I Manage tab on the Find Shared Credential page as Viewer.



\\



In this table, the Resource Type is Pages and Reports, and the Access Level is Viewer.



ResourceAssignment Description
Find Computer PageDirect Assignment to the Find Computer page as Viewer.
Saved Credentials PageDirect Assignment to the Saved Credentials page as Viewer.
Find Shared Credentials PageDirect Assignment to the Find Shared Credentials page as Viewer.
Schedule Account Vaulted Password Reset and Update PageDirect Assignment to the Schedule Account Vaulted Password Reset and Update page as Viewer.
Find Shared Credential Policies PageDirect Assignment to the Find Shared Credential Policies page as Viewer.


\\



In this table, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
Check-Out CredentialDirect Assignment to the Check-Out Credential workflow as Initiator.
Check-In CredentialDirect Assignment to the Check-In Credential workflow as Initiator.
Ping ComputerDirect Assignment to the Ping Computer workflow as Initiator.
Edit Computer Connection Attributes BulkDirect Assignment to the Edit Computer Connection Attributes Bulk workflow as Initiator.
Update External CredentialsDirect Assignment to the Update External Credentials workflow as Initiator.
Provision ComputerDirect Assignment to the Provision Computer workflow as Initiator.
Resource Manager Update ComputerDirect Assignment to the Resource Manager Update Computer workflow as Initiator.
Update Resource TagsDirect Assignment to the Update Resource Tags workflow as Initiator.
Update AssignmentsDirect Assignment to the Update Assignments workflow as Initiator.
Update Secret Shared PeopleDirect Assignment to the Update Secret Shared People workflow as Initiator.
Update External Credential AccountsDirect Assignment to the Update External Credential Accounts workflow as Initiator.
Create Vaulted CredentialDirect Assignment to the Create Vaulted Credential workflow as Initiator.
Edit Windows ServiceDirect Assignment to the Edit Windows Service workflow as Initiator.
Edit Priv SessionDirect Assignment to the Edit Priv Session workflow as Initiator.
Edit Windows Server App PoolDirect Assignment to the Edit Windows Server App Pool workflow as Initiator.
Create Computer and CredentialDirect Assignment to the Create Computer and Credential workflow as Initiator.
Update External Credential PoliciesDirect Assignment to the Update External Credential Policies workflow as Initiator.
Create External Credential PolicyDirect Assignment to the Create External Credential Policy workflow as Initiator.
Edit External Credential PolicyDirect Assignment to the Edit External Credential Policy workflow as Initiator.
Delete External Credential PolicyDirect Assignment to the Delete External Credential Policy workflow as Initiator.





Users with this Management Role have access to view and connect to computers.

The Assignment Type for each resource is Direct.

\\



In this table, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


Resource TypeResourceAccess LevelAssignment Description
Control (User Interface)Shared Credentials TabViewerDirect Assignment to the Shared Credentials tab on the Computer page as Viewer.
Control (User Interface)IT Shop My Resources My Computers TabViewerDirect Assignment to the My Computers tab on the My Resources page of the IT Shop as Viewer.
WorkflowCheck-Out CredentialInitiatorDirect Assignment to the Check-Out Credential workflow as Initiator.
WorkflowCheck-In CredentialInitiatorDirect Assignment to the Check-In Credential workflow as Initiator.





Users with this Management Role have limited self-service access and can only view themselves.




Users with this Management Role can see and manage EmpowerID configuration screens and settings.

The Assignment Type for each resource is Scoped At Location and the Access level is All Access (EmpowerID Admin).


\\


Resource TypeAssignment Description
AlertAssignment to any Alert as All Access (EmpowerID Admin) scoped at EmpowerID System.
LocationAssignment to any Location as All Access (EmpowerID Admin) scoped at Anywhere.
EmpowerID SystemAssignment to any EmpowerID System as All Access (EmpowerID Admin) scoped at EmpowerID System.
OrganizationAssignment to any Organization as All Access (EmpowerID Admin) scoped at EmpowerID System.
Business RoleAssignment to any Business Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
LocationAssignment to any Location as All Access (EmpowerID Admin) scoped at EmpowerID System.
WorkflowAssignment to any Workflow as All Access (EmpowerID Admin) scoped at EmpowerID System.
ApplicationAssignment to any Application as All Access (EmpowerID Admin) scoped at EmpowerID System.
Pages and ReportsAssignment to any Pages and Reports as All Access (EmpowerID Admin) scoped at EmpowerID System.
Control (User Interface)Assignment to any Control (User Interface) as All Access (EmpowerID Admin) scoped at EmpowerID System.
Web ServiceAssignment to any Web Service as All Access (EmpowerID Admin) scoped at EmpowerID System.
Asset RequestAssignment to any Asset Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Access RequestAssignment to any Access Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Management Role DefinitionAssignment to any Management Role Definition as All Access (EmpowerID Admin) scoped at EmpowerID System.
Management RoleAssignment to any Management Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
Query-Based Collection (SetGroup)Assignment to any Query-Based Collection (SetGroup) as All Access (EmpowerID Admin) scoped at EmpowerID System.





Users with this Management Role can receive security-related event alerts.




Users with this Management Role can receive alerts concerning EmpowerID system events, such as failed jobs.




Users with this Management Role can create and manage audits and related policies.


\\



The Assignment Type for the resources in this table is Scoped At Location.



\\


ResourceAccess LevelAssignment Description
EmpowerID SystemAll Access (EmpowerID Admin)Assignment to any EmpowerID System as All Access (EmpowerID Admin) scoped at Anywhere.
Separation of Duties PolicyReviewerAssignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.
AuditReviewerAssignment to any Audit as Reviewer scoped at EmpowerID System.
Pages and ReportsViewerAssignment to any Pages and Reports as Viewer scoped at EmpowerID System.
Separation of Duties PolicyReviewerAssignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.
Separation of Duties PolicyAccess ManagerAssignment to any Separation of Duties Policy as Access Manager scoped at EmpowerID System.
Separation of Duties PolicyReviewerAssignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.



\\



The Assignment Type for the resources in this table is Direct, the Resource Type is Control (User Interface), and the Access level is Viewer.



\\


ResourceAssignment Description
Organization Resource Type dropdown itemDirect assignment to Organization Resource Type dropdown item as Viewer.
Windows Print Share Resource type dropdown itemDirect assignment to Windows Print Share Resource type dropdown item as Viewer.
Windows File Share Resource type dropdown itemDirect assignment to Windows File Share Resource type dropdown item as Viewer.
AD Security Group Resource Type dropdown itemDirect assignment to AD Security Group Resource Type dropdown item as Viewer.
Workflow Resource Type dropdown itemDirect assignment to Workflow Resource Type dropdown item as Viewer.
Location Resource Type dropdown itemDirect assignment to Location Resource Type dropdown item as Viewer.
Business Role Resource Type dropdown itemDirect assignment to Business Role Resource Type dropdown item as Viewer.
Request Center Global StatsDirect assignment to Request Center Global Stats as Viewer.
Person Resource type dropdown itemDirect assignment to Person Resource type dropdown item as Viewer.
Exchange Mailbox Resource type dropdown itemDirect assignment to Exchange Mailbox Resource type dropdown item as Viewer.
EmpowerID System Resource type dropdown itemDirect assignment to EmpowerId System Resource type dropdown item as Viewer.
Separation OF Duties Policy Resource type dropdown itemDirect assignment to Separation OF Duties Policy Resource type dropdown item as Viewer.
Audit Resource Type dropdown itemDirect assignment to Audit Resource type dropdown item as Viewer.
My Workspace: Audit OnboardingDirect assignment to My Workspace: Audit Onboarding as Viewer.
My Workspace: SOD ViolationsDirect assignment to My Workspace: SOD Violations as Viewer.
EmpowerID Attestation Policy nodeDirect assignment to EmpowerID Attestation Policy node as Viewer.
Account Resource Type dropdown itemDirect assignment to Account Resource Type dropdown item as Viewer.
Application Resource Type dropdown itemDirect assignment to Application Resource Type dropdown item as Viewer.
Control Resource Type dropdown itemDirect assignment to Control Resource Type dropdown item as Viewer.
Resource Manager: SOD PolicyDirect assignment to Resource Manager: SOD Policy as Viewer.
My Workspace: Group Membership ChangesDirect assignment to My Workspace: Group Membership Changes as Viewer.
My Workspace: Audit LogDirect assignment to My Workspace: Audit Log as Viewer.
My Workspace: Audit OffboardingDirect assignment to My Workspace: Audit Offboarding as Viewer.
Group Membership Change LogDirect assignment to Group Membership Change Log as Viewer.
Operation Audit LogDirect assignment to Operation Audit Log as Viewer.
Person Login HistoryDirect assignment to Person Login History as Viewer.
Management Role Resource Type dropdown itemDirect assignment to Management Role Resource Type dropdown item as Viewer.
Page Resource Type dropdown itemDirect assignment to Page Resource Type dropdown item as Viewer.
Access Request Catalog Item Resource Type dropdown itemDirect assignment to Access Request Catalog Item Resource Type dropdown item as Viewer.
Generic Asset AD Protected Resource Type dropdown itemDirect assignment to Generic Asset AD Protected Resource Type dropdown item as Viewer.
Computer Resource Type dropdown itemDirect assignment to Computer Resource Type dropdown item as Viewer.
Exchange Mail Contact Resource Type dropdown itemDirect assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Exchange Public Folder Resource Type dropdown itemDirect assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
AD Distribution Group Resource Type dropdown itemDirect assignment to AD Distribution Group Resource Type dropdown item as Viewer.
Web Service Resource Type dropdown itemDirect assignment to Web Service Resource Type dropdown item as Viewer.
Asset Catalog Item Resource Type dropdown itemDirect assignment to Asset Catalog Resource Type dropdown item as Viewer.
Resource Manager : Separation of Duties Policy GroupsDirect assignment to Resource Manager : Separation of Duties Policy Groups as Viewer.


\\



The Assignment Type for the resources in this table is Direct, the Resource Type is Pages and Reports, and the Access level is Viewer.



\\


ResourceAssignment Description
Create SoD PolicyDirect assignment to Create SoD Policy as Viewer.
Auditor Compliance DashboardDirect assignment to Auditor Compliance Dashboard as Viewer.
FindSeparationOfDutiesViolation PageDirect assignment to FindSeparationOfDutiesViolation Page as Viewer.


\\



The Assignment Type for the resources in this table is Direct, the Resource Type is Workflow, and the Access level is Initiator.



\\


ResourceAssignment Description
DeleteAuditDirect assignment to DeleteAudit as Initiator.
AttestationPolicyNewDirect assignment to AttestationPolicyNew as Initiator.
UpdateAttestationPolicyTargetsDirect assignment to UpdateAttestationPolicyTargets as Initiator.
UpdateAuditAttestationPoliciesDirect assignment to UpdateAuditAttestationPolicies as Initiator.
AuditNewDirect assignment to AuditNew as Initiator.
EditAttestationPolciyNoUIDirect assignment to EditAttestationPolciyNoUI as Initiator.
DirectReportAttestationExampleAdvancedDirect assignment to DirectReportAttestationExampleAdvanced as Initiator.
ProvisionSeparationOfDutiesDirect assignment to ProvisionSeparationOfDuties as Initiator.
EditSeparationOfDutiesPolicyNoUIDirect assignment to EditSeparationOfDutiesPolicyNoUI as Initiator.
ProvisionAttestationPolicyDirect assignment to ProvisionAttestationPolicy as Initiator.
EditAuditDetailsDirect assignment to EditAuditDetails as Initiator.
DeleteAttestationPolicyDirect assignment to DeleteAttestationPolicy as Initiator.





Users with this Management Role have enterprise-wide ability to manage all Exchange mailboxes.


\\



In this table, the Assignment Type is Scoped At Location, and the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
Exchange ContactAssignment to any Exchange Contact as All Access (EmpowerID Admin) scoped at Anywhere.
Exchange MailboxAssignment to any Exchange Mailbox as All Access (EmpowerID Admin) scoped at Anywhere.
Exchange Public FolderAssignment to any Exchange Public as All Access (EmpowerID Admin) scoped at Anywhere.



\\



In this table, the Assignment Type is Direct.



\\


Resource TypeResourceAccess LevelAssignment Description
ApplicationConfiguration ManagerAdministratorDirect assignment to Configuration Manager as Administrator.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Request Center Global StatsDirect assignment to Request Center Global Stats as Viewer.
Exchange Mailbox Resource Type dropdown itemDirect assignment to Exchange Mailbox Resource Type dropdown item as Viewer.
Exchange Public Folder Resource Type dropdown itemDirect assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
Exchange Mail Contact Resource Type dropdown itemDirect assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Deleted Exchange MailboxesDirect assignment to Deleted Exchange Mailboxes as Viewer.
Exchange Mailbox StoresDirect assignment to Exchange Mailbox Stores as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AddExchangeMailboxAddressDirect assignment to AddExchangeMailboxAddress as Initiator.
BulkMailenableGroupDirect assignment to BulkMailenableGroup as Initiator.
CreateEquipmentDirect assignment to CreateEquipment as Initiator.
CreateExchangeMailboxDirect assignment to CreateExchangeMailbox as Initiator.
CreateResourceMailboxDirect assignment to CreateResourceMailbox as Initiator.
CreateUserAndMailboxDirect assignment to CreateUserAndMailbox as Initiator.
CreateUserMailboxDirect assignment to CreateUserMailbox as Initiator.
DeleteExchangeMailboxAddressDirect assignment to DeleteExchangeMailboxAddress as Initiator.
DeleteMailboxDirect assignment to DeleteMailbox as Initiator.
DisableMailboxDirect assignment to DisableMailbox as Initiator.
DisableOWADirect assignment to DisableOWA as Initiator.
EditAcceptMessagesFromDirect assignment to EditAcceptMessagesFrom as Initiator.
EditExchangeMailboxAddressDirect assignment to EditExchangeMailboxAddress as Initiator.
EditMailboxDirect assignment to EditMailbox as Initiator.
EditMailForwardingDirect assignment to EditMailForwarding as Initiator.
EditRejectMessagesFromDirect assignment to EditRejectMessagesFrom as Initiator.
EditSMTPAddressesDirect assignment to EditSMTPAddresses as Initiator.
EnableAutoAcceptDirect assignment to EnableAutoAccept as Initiator.
EnableMailboxWithBasicQuotaDirect assignment to EnableMailboxWithBasicQuota as Initiator.
EnableMailboxWithCorpQuotaDirect assignment to EnableMailboxWithCorpQuota as Initiator.
EnableOWADirect assignment to EnableOWA as Initiator.
EnableWirelessDirect assignment to EnableWireless as Initiator.
HideDLFromGALDirect assignment to HideDLFromGAL as Initiator.
HideMailboxDirect assignment to HideMailbox as Initiator.
MailboxSizeDecreaseDirect assignment to MailboxSizeDecrease as Initiator.
MailboxSizeIncreaseDirect assignment to MailboxSizeIncrease as Initiator.
MailDisableAccountDirect assignment to MailDisableAccount as Initiator.
MailDisableGroupDirect assignment to MailDisableGroup as Initiator.
MailEnableGroupDirect assignment to MailEnableGroup as Initiator.
MoveMailboxDirect assignment to MoveMailbox as Initiator.
ReinstateExchangeMailboxDirect assignment to ReinstateExchangeMailbox as Initiator.
ResourceManagerUpdateMailboxDirect assignment to ResourceManagerUpdateMailbox as Initiator.
SetAsPrimaryExchangeMailboxAddressDirect assignment to SetAsPrimaryExchangeMailboxAddress as Initiator.
ShowDLInGALDirect assignment to ShowDLInGAL as Initiator.
ShowMailboxDirect assignment to ShowMailbox as Initiator.





Users with this Management Role have enterprise-wide ability to manage all groups.


\\



In this table, the Assignment Type is Scoped At Location, and the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
Group (Security)Assignment to any Group (Security) as All Access (EmpowerID Admin) scoped at Anywhere
Group (Distribution)Assignment to any Group (Distribution) as All Access (EmpowerID Admin) scoped at Anywhere
Group (Generic)Assignment to any Group (Generic) as All Access (EmpowerID Admin) scoped at Anywhere



\\



In this table, Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
AD Distribution Group Resource type dropdown itemDirect assignment to AD Distribution Group Resource type dropdown item as Viewer.
AD Security Group Resource type dropdown itemDirect assignment to AD Security Group Resource type dropdown item as Viewer.
All Groups Tab On Find Groups PageDirect assignment to All Groups Tab On Find Groups Page as Viewer.
Deleted GroupsDirect assignment to Deleted Groups as Viewer.
Group Membership Change LogDirect assignment to Group Membership Changes as Viewer.
Request Center Global StatsDirect assignment to Request Center Global Stats as Viewer.
Resource Manager: Access Granted To GroupDirect assignment to Resource Manager: Access Granted To Group as Viewer.
Resource Manager: Group AccountDirect assignment to Resource Manager: Group Account as Viewer.
Resource Manager: Group Account History By AccountDirect assignment to Resource Manager: Group Account History By Account as Viewer.
Resource Manager: Group Account History By GroupDirect assignment to Resource Manager: Group Account History By Group as Viewer.
Resource Manager: Group Account History By PersonDirect assignment to Resource Manager: Group Account History By Person as Viewer.
Resource Manager: Group Group MembershipDirect assignment to Resource Manager: Group Group Membership as Viewer.
Resource Manager: Group Resultant Set Of Resource RolesDirect assignment to Resource Manager: Group Resultant Set Of Resource Roles as Viewer.
Resource Manager: Person Group MembershipDirect assignment to Resource Manager: Person Group Membership as Viewer.
Resource Manager: Resource Role GroupsDirect assignment to Resource Manager: Resource Role Groups as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
ChangeManager.aspxDirect assignment to ChangeManager.aspx as Viewer.
Create Application PageDirect assignment to Create Application Page as Viewer.
Create GroupDirect assignment to Create Group as Viewer.
Find ProtectedApplicationResourceApplication PageDirect assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
GroupManager.aspxDirect assignment to GroupManager.aspx as Viewer.
GroupMembersForGroupDirect assignment to GroupMembersForGroup as Viewer.
GroupMembershipChangesDirect assignment to GroupMembershipChanges as Viewer.
GroupMembershipChangesHighSecurityDirect assignment to GroupMembershipChangesHighSecurity as Viewer.
GroupMembershipForPersonDirect assignment to GroupMembershipForPerson as Viewer.
GroupMembershipForAccountDirect assignment to GroupMembershipForAccount as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AccountRequestwithGroupDirect assignment to AccountRequestwithGroup as Initiator.
AddAccountsToGroupDirect assignment to AddAccountsToGroup as Initiator.
AddGroupOrgZoneResourceTypeRoleDirect assignment to AddGroupOrgZoneResourceTypeRole as Initiator.
AddGroupResourceRoleDirect assignment to AddGroupResourceRole as Initiator.
AddGroupsToGroupDirect assignment to AddGroupsToGroup as Initiator.
AddPeopleToGroupsDirect assignment to AddPeopleToGroups as Initiator.
AssignGroupOrgRoleOrgZoneDirect assignment to AssignGroupOrgRoleOrgZone as Initiator.
AssignGroupResourceRoleDirect assignment to AssignGroupResourceRole as Initiator.
BulkMailenableGroupDirect assignment to BulkMailenableGroup as Initiator.
CreateADGroupDirect assignment to CreateADGroup as Initiator.
CreateGroupDirect assignment to CreateGroup as Initiator.
DeleteGroupDirect assignment to DeleteGroup as Initiator.
EditGroupDirect assignment to EditGroup as Initiator.
MailDisableGroupDirect assignment to MailDisableGroup as Initiator.
MailEnableGroupDirect assignment to MailEnableGroup as Initiator.
MoveGroupDirect assignment to MoveGroup as Initiator.
RemoveAccountsFromGroupsDirect assignment to RemoveAccountsFromGroups as Initiator.
RemoveGroupAccountDirect assignment to RemoveGroupAccount as Initiator.
RemoveGroupOrgRoleOrgZoneDirect assignment to RemoveGroupOrgRoleOrgZone as Initiator.
RemoveGroupResourceRoleNoUIDirect assignment to RemoveGroupResourceRoleNoUI as Initiator.
RemoveGroupsFromGroupDirect assignment to RemoveGroupsFromGroup as Initiator.
RemoveOrgRoleOrgZoneFromGroupsDirect assignment to RemoveOrgRoleOrgZoneFromGroups as Initiator.
RemoveRbacResourceRoleAssignmentAsActorDirect assignment to RemoveRbacResourceRoleAssignmentAsActor as Initiator.
ResourceManagerEditGroupDirect assignment to ResourceManagerEditGroup as Initiator.





Users with this Management Role have enterprise-wide ability to manage all users, groups, computers, mailboxes and other IT resources.


\\



In this table, the Assignment Type is Scoped At Location, and the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
ComputerAssignment to any Computer as All Access (EmpowerID Admin) scoped at EmpowerID System.
Exchange MailboxAssignment to any Exchange Mailbox as All Access (EmpowerID Admin) scoped at Anywhere.
Group (Distribution)Assignment to any Group (Distribution) as All Access (EmpowerID Admin) scoped at Anywhere.
Group (Generic)Assignment to any Group (Generic) asAll Access (EmpowerID Admin) scoped at Anywhere.
Group (Security)Assignment to any Group (Security) as All Access (EmpowerID Admin) scoped at Anywhere.
LocationAssignment to any Location as All Access (EmpowerID Admin) scoped at EmpowerID System.
PersonAssignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere
SharePoint GroupAssignment to any SharePoint Group as All Access (EmpowerID Admin) scoped at Anywhere
SharePoint Web SiteAssignment to any SharePoint Web Site as All Access (EmpowerID Admin) scoped at Anywhere
SSO ApplicationAssignment to any SSO Application as All Access (EmpowerID Admin) scoped at Anywhere
SSO Application DefinitionAssignment to any SSO Application Definition as All Access (EmpowerID Admin) scoped at Anywhere
User AccountAssignment to any User Account as All Access (EmpowerID Admin) scoped at Anywhere.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Account Resource Type dropdown itemDirect assignment to Account Resource Type dropdown item as Viewer.
AD Distribution Group Resource Type dropdown itemDirect assignment to AD Distribution Group Resource Type dropdown item as Viewer.
AD Security Group Resource Type dropdown itemDirect assignment to AD Security Group Resource Type dropdown item as Viewer.
All Groups Tab On Find Groups PageDirect assignment to All Groups Tab On Find Groups Page as Viewer.
All Roles Tab In Find Management Roles PageDirect assignment to All Roles Tab In Find Management Roles Page as Viewer.
Asset OwnerDirect assignment to Asset Owner as Viewer.
Attestation Review TasksDirect assignment to Attestation Review Tasks as Viewer.
Computer Resource Type dropdown itemDirect assignment to Computer Resource Type dropdown item as Viewer.
Deleted AccountsDirect assignment to Deleted Accounts as Viewer.
Deleted Exchange MailboxesDirect assignment to Deleted Mailboxes as Viewer.
Deleted GroupsDirect assignment to Deleted Groups as Viewer.
Deleted Person ObjectsDirect assignment to Deleted Person Objects as Viewer.
Exchange Mail Contact Resource Type dropdown itemDirect assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Exchange Mailbox Resource Type dropdown itemDirect assignment to Exchange Mailbox Resource Type dropdown item as Viewer.
Exchange Mailbox StoresDirect assignment to Exchange Mailbox Stores as Viewer.
Exchange Public Folder Resource Type dropdown itemDirect assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
Generic Asset AD Protected Resource Type dropdown itemDirect assignment to Generic Asset AD Protected Resource Type dropdown item as Viewer.
Generic Asset Resource Type dropdown itemDirect assignment to Generic Asset Resource Type dropdown item as Viewer.
Group Membership Change LogDirect assignment to Group Membership Change Log as Viewer.
Inbound Attribute ChangesDirect assignment to Inbound Attribute Changes as Viewer.
My Workspace: All Resource Operation DecisionsDirect assignment to Resource Manager: All Resource Operation Decisions as Viewer.
My Workspace: My Actions In WorkflowsDirect assignment to Resource Manager: My Actions In Workflows as Viewer.
My Workspace: My MembershipDirect assignment to Resource Manager: All Resource Operation Decisions as Viewer.
My Workspace: My Membership ChangesDirect assignment to Resource Manager: My Membership Changes as Viewer.
My Workspace: My Security AssignmentsDirect assignment to My Workspace: My Security Assignments as Viewer.
My Workspace: My Workflow DecisionsDirect assignment to My Workspace: My Workflow Decisions as Viewer.
My Workspace: Protected SSO ApplicationsDirect assignment to My Workspace: Protected SSO Applications as Viewer.
My Workspace: ReportsDirect assignment to My Workspace: Reports as Viewer.
My Workspace: SSO ApplicationsDirect assignment to My Workspace: SSO Applications as Viewer.
New Account InboxDirect assignment to New Account Inbox as Viewer.
Operation Audit LogDirect assignment to Operation Audit Log as Viewer.
Orphan AccountsDirect assignment to Orphan Accounts as Viewer.
Outbound Attribute ChangesDirect assignment to Outbound Attribute Changes as Viewer.
Password Manager EnrollmentDirect assignment to Password Manager Enrollment as Viewer.
Person AssetsDirect assignment to Person Assets as Viewer.
Person Login HistoryDirect assignment to Person Login History as Viewer.
Person Resource Type dropdown itemDirect assignment to Person Resource Type dropdown item as Viewer.
Recently Created ObjectsDirect assignment to Recently Created Objects as Viewer.
Request Center Global StatsDirect assignment to Request Center Global Stats as Viewer.
Resource Manager: Audit History Of ResourceDirect assignment to Resource Manager: Audit History Of Resource as Viewer.
Resource Manager: Access Granted To AccountAssignment to Resource Manager: Access Granted To Account as Viewer.
Resource Manager: Access Granted To GroupAssignment to Resource Manager: Access Granted To Person as Viewer.
Resource Manager: Access Granted To PersonAssignment to Resource Manager:Access Granted To Person as Viewer.
Resource Manager: Account Resultant Set Of Resource RolesDirect assignment to Resource Manager: Account Resultant Set Of Resource Roles as Viewer.
Resource Manager: Audit History By PersonDirect assignment to Resource Manager: Audit History By Person as Viewer.
Resource Manager: Child Management RolesDirect assignment to Resource Manager: Child Management Roles as Viewer.
Resource Manager: Directly Assigned LocationsAssignment to Resource Manager: Directly Assigned Locations as Viewer.
Resource Manager: Email AddressesDirect assignment to Resource Manager: Email Addresses as Viewer.
Resource Manager: EnforcementDirect assignment to Resource Manager: Enforcement as Viewer.
Resource Manager: Group AccountDirect assignment to Resource Manager: Group Account as Viewer.
Resource Manager: Group Account History By AccountDirect assignment to Resource Manager: Group Account History By Account as Viewer.
Resource Manager: Group Account History By GroupDirect Assignment to Resource Manager: Group Account History By Group.
Resource Manager: Group Account History By PersonDirect assignment to Resource Manager: Group Account History By Person as Viewer.
Resource Manager: Group Group MembershipDirect assignment to Resource Manager: Group Group Membership as Viewer.
Resource Manager: Group Resultant Set Of Resource RolesDirect assignment to Resource Manager: Group Resultant Set Of Resource Roles as Viewer.
Resource Manager: Management Role AssigneesDirect assignment to Resource Manager: Management Role Assignees as Viewer.
Resource Manager: Management Role Definition Resource Role AssignmentDirect assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Resource Manager: Management Role Resource Role AssignmentsDirect assignment to Resource Manager: Management Role Resource Role Assignments as Viewer.
Resource Manager: Person AccountDirect assignment to Resource Manager: Person Account as Viewer.
Resource Manager: Person Business RolesDirect assignment to Resource Manager: Person Business Roles as Viewer.
Resource Manager: Person Group MembershipDirect assignment to Resource Manager: Person Group Membership as Viewer.
Resource Manager: Person Resultant Set Of Resource RolesDirect assignment to Resource Manager: Person Resultant Set Of Resource Roles as Viewer.
Resource Manager: Resource Role GroupsDirect assignment to Resource Manager: Resource Role Groups as Viewer.
Resource Manager: Resultant Resource LocationsAssignment to Resource Manager: Resultant Resource Locations as Viewer.
Resource Manager: Resultant Set of Operation AssignmentsDirect assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Resource Manager: Resultant Set Of Rights AssignmentsDirect assignment to Resource Manager: Resultant Set Of Rights Assignments as Viewer.
Resource Manager: Resultant Set of SecurityDirect assignment to Resource Manager: Resultant Set of Security as Viewer.
Resource Manager: RRs To Business RolesDirect assignment to Resource Manager: RRs To Business Roles as Viewer.
Resource Manager: SecurityAssignment to Resource Manager: Security as Viewer.
Resource Manager: SSO Applications AssignmentsDirect assignment to Resource Manager: SSO Applications Assignments as Viewer.
Resources Pending RBAC ProcessingDirect assignment to Resources Pending RBAC Processing as Viewer.
Show Process InfoDirect assignment to Show Process Info as Viewer.
Windows File Share Resource Type dropdown itemDirect assignment to Windows File Share Resource Type dropdown item as Viewer.
Windows Print Share Resource Type dropdown itemDirect assignment to Windows Print Share Resource Type dropdown item as Viewer.
Workflow Error LogDirect assignment to Workflow Error Log as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
AccountManager.aspxDirect assignment to AccountManager.aspx as Viewer.
AccountsWithoutEmployeeIDDirect assignment to AccountsWithoutEmployeeID as Viewer.
AccountsWithoutManagerDirect assignment to AccountsWithoutManager as Viewer.
ActionsByPersonDirect assignment to ActionsByPerson as Viewer.
ActionsToPersonDirect assignment to ActionsToPerson as Viewer.
AddressesDirect assignment to Addresses as Viewer.
AllPreferredBusinessRolesScopedByLocationDirect assignment to AllPreferredBusinessRolesScopedByLocation as Viewer.
AllPreferredManagementRolesScopedByLocationDirect assignment to AllPreferredManagementRolesScopedByLocation as Viewer.
AllPublicFoldersDirect assignment to AllPublicFolders as Viewer.
BusinessRolesDirect assignment to BusinessRoles as Viewer.
ChangeManager.aspxDirect assignment to ChangeManager.aspx as Viewer.
ComputerManager.aspxDirect assignment to ComputerManager.aspx as Viewer.
Create Application pageDirect assignment to Create Application page as Viewer.
Create GroupDirect assignment to Create Group as Viewer.
Delegations management pageDirect assignment to Delegations management page as Viewer.
DeletedGroupsDirect assignment to DeletedGroups as Viewer.
DeletedMailboxesDirect assignment to DeletedMailboxes as Viewer.
DeletedPeopleDirect assignment to DeletedPeople as Viewer.
DeletedUsersDirect assignment to DeletedUsers as Viewer.
Directory ManagerDirect assignment to Directory Manageras Viewer.
DisabledUsersDirect assignment to DisabledUsers as Viewer.
DomainControllersDirect assignment to DomainControllers as Viewer.
Edit Person Contextual PageDirect assignment to Edit Person Contextual Page as Viewer.
EmailAddressByMailboxDirect assignment to EmailAddressByMailbox as Viewer.
EmpowerIDLocationsDirect assignment to EmpowerIDLocations as Viewer.
EmpowerIDServersDirect assignment to EmpowerIDServers as Viewer.
EmptyGroupsDirect assignment to EmptyGroups as Viewer.
ExchangeMailboxesByLocationDirect assignment to ExchangeMailboxesByLocation as Viewer.
ExchangeMailboxStoresDirect assignment to ExchangeMailboxStores as Viewer.
ExchangeResourceMailboxesByLocationDirect assignment to ExchangeResourceMailboxesByLocation as Viewer.
ExchangeServersDirect assignment to ExchangeServers as Viewer.
ExternalLocationsDirect assignment to ExternalLocations as Viewer.
ExternalRolesDirect assignment to ExternalRoles as Viewer.
Find AccountInbox PageDirect assignment to Find AccountInbox Page as Viewer.
Find Computer PageDirect assignment to Find Computer Page as Viewer.
Find Deleted ObjectsDirect assignment to Find Deleted Objects as Viewer.
Find DeletedAccount PageDirect assignment to Find DeletedAccount Page as Viewer.
Find DeletedExchangeMailbox PageDirect assignment to Find DeletedExchangeMailbox Page as Viewer.
Find DeletedGroups PageDirect assignment to Find DeletedGroups Page as Viewer.
Find DeletedPeople PageDirect assignment to Find DeletedPeople Page as Viewer.
Find Exchange Mailbox PageDirect assignment to Find Exchange Mailbox Page as Viewer.
Find ExchangeMailContact PageDirect assignment to Find ExchangeMailContact Page as Viewer.
Find ExchangePublicFolder PageDirect assignment to Find ExchangePublic Page as Viewer.
Find ExecutionRuntimeJobHistory PageDirect assignment to Find ExecutionRuntimeJobHistory Page as Viewer.
Find Group PageDirect assignment to Find Group Page as Viewer.
Find LoginSession PageDirect assignment to Find LoginSession Page as Viewer.
Find LyncUser PageDirect assignment to Find LyncUser Page as Viewer.
Find OrphanedAccount PageDirect assignment to Find OrphanedAccount Page as Viewer.
Find Person PageDirect assignment to Find Person Page as Viewer.
Find ProtectedApplicationResourceApplication PageDirect assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
Find ResourceAttestation PageDirect assignment to Find ResourceAttestation Page as Viewer.
Find ResourceEntitlementInbox PageDirect assignment to Find ResourceEntitlementInbox Page as Viewer.
Find SeparationOfDutiesViolation PageDirect assignment to Find SeparationOfDutiesViolation Page as Viewer.
Find Shared Folder PageDirect assignment to Find Shared Folder Page as Viewer.
Find SharePointGroup PageDirect assignment to Find SharePointGroup Page as Viewer.
Find User Account PageDirect assignment to Find User Account Page as Viewer.
GetByLocationReportDirect assignment to GetByLocationReport as Viewer.
GroupManager.aspxDirect assignment to GroupManager.aspx as Viewer.
GroupMembersForGroupDirect assignment to GroupMembersForGroup as Viewer.
GroupMembershipChangesDirect assignment to GroupMembershipChanges as Viewer.
GroupMembershipChangesHighSecurityDirect assignment to GroupMembershipChangesHighSecurity as Viewer.
GroupMembershipForAccountDirect assignment to GroupMembershipForAccount as Viewer.
GroupMembershipForPersonDirect assignment to GroupMembershipForPerson as Viewer.
IdentityManagerDirect assignment to IdentityManager as Viewer.
LockedOutUsersDirect assignment to LockedOutUsers as Viewer.
LoginHistoryDirect assignment to LoginHistory as Viewer.
LoginsByHistoryDirect assignment to LoginsByHistory as Viewer.
MembershipChangesByAccountDirect assignment to MembershipChangesByAccount as Viewer.
MembershipChangesByGroupDirect assignment to MembershipChangesByGroup as Viewer.
MembershipChangesByPersonDirect assignment to MembershipChangesByPerson as Viewer.
OrphanAccountsByLocationDirect assignment to OrphanAccountsByLocation as Viewer.
PasswordManagementActivityByDateDirect assignment to PasswordManagementActivityByDate as Viewer.
PasswordManagerEnrollmentDirect assignment to PasswordManagerEnrollment as Viewer.
PasswordManagerNotEnrolledDirect assignment to PasswordManagerNotEnrolled as Viewer.
PeopleByRoleandLocationDirect assignment to PeopleByRoleandLocation as Viewer.
PeopleByRoleReportDirect assignment to PeopleByRoleReport as Viewer.
PeopleWithoutAccountsDirect assignment to PeopleWithoutAccounts as Viewer.
Person OnboardingDirect assignment to Person Onboarding as Viewer.
PersonLoginHistoryDirect assignment to PersonLoginHistory as Viewer.
PersonManager.aspxDirect assignment to PersonManager.aspx as Viewer.
PossibleStaleComputersDirect assignment to PossibleStaleComputers as Viewer.
ResourceRolesForPersonDirect assignment to ResourceRolesForPerson as Viewer.
SecurityAssignmentsByAllManagementRoleReportDirect assignment to SecurityAssignmentsByAllManagementRoleReport as Viewer.
SecurityAssignmentsBusinessRoleAsActorReportDirect assignment to SecurityAssignmentsBusinessRoleAsActorReport as Viewer.
SecurityAssignmentsForAllResourcesReportDirect assignment to SecurityAssignmentsForAllResourcesReport as Viewer.
SecurityAssignmentsGroupAsActorReportDirect assignment to SecurityAssignmentsGroupAsActorReport as Viewer.
SecurityAssignmentsPersonAsActorReportDirect assignment to SecurityAssignmentsPersonAsActorReport as Viewer.
SecurityAssignmentsScopedAtLocationReportDirect assignment to SecurityAssignmentsScopedAtLocationReport as Viewer.
UserAttributeChangesDirect assignment to UserAttributeChanges as Viewer.
UsersNeverLoggedInDirect assignment to UsersNeverLoggedIn as Viewer.
UsersPasswordNeverExpiresDirect assignment to UsersPasswordNeverExpires as Viewer.
View All TasksDirect assignment to View All Tasks as Viewer.
WhitePages.aspxDirect assignment to WhitePages.aspx as Viewer.
WorkflowsByInitiatorDirect assignment to WorkflowsByInitiator as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AccountJoinToPersonDirect assignment to AccountJoinToPerson as Initiator.
AccountRequestDirect assignment to AccountRequest as Initiator.
AccountRequestAdvancedDirect assignment to AccountRequestAdvanced as Initiator.
AccountRequestwithGroupDirect assignment to AccountRequestwithGroup as Initiator.
AccountUnjoinPersonDirect assignment to AccountUnjoinPerson as Initiator.
AddAccountsToGroupsDirect assignment to AddAccountsToGroups as Initiator.
AddExchangeMailboxAddressDirect assignment to AddExchangeMailboxAddress as Initiator.
AddGroupResourceRoleDirect assignment to AddGroupResourceRole as Initiator.
AddGroupsToGroupsDirect assignment to AddGroupsToGroups as Initiator.
AddPeopleToGroupsDirect assignment to AddPeopleToGroups as Initiator.
AddPersonOrgZoneResourceTypeRoleDirect assignment to AddPersonOrgZoneResourceTypeRole as Initiator.
AddPersonResourceRoleDirect assignment to AddPersonResourceRole as Initiator.
AddRbacAssignmentToManagementRoleDirect assignment to AddRbacAssignmentToManagementRole as Initiator.
AddRbacResourceRoleAssignmentDirect assignment to AddRbacResourceRoleAssignment as Initiator.
AddResourceOrgZoneDirect assignment to AddResourceOrgZone as Initiator.
AssetAccessRequestDirect assignment to AssetAccessRequest as Initiator.
AssetAccessRequestSelfServiceDirect assignment to AssetAccessRequestSelfService as Initiator.
AssetProvisionDirect assignment to AssetProvision as Initiator.
AssetProvisionSelfServiceDirect assignment to AssetProvisionSelfService as Initiator.
AssignAssetToPersonDirect assignment to AssignAssetToPerson as Initiator.
AssignGroupOrgRoleOrgZoneDirect assignment to AssignGroupOrgRoleOrgZone as Initiator.
AssignGroupResourceRoleDirect assignment to AssignGroupResourceRole as Initiator.
AssignManagementRolesMultiResourcesMultiActorsDirect assignment to AssignManagementRolesMultiResourcesMultiActors as Initiator.
AssignOrgRoleOrgZoneDirect assignment to AssignOrgRoleOrgZone as Initiator.
AssignOrgRoleOrgZoneResourceRoleDirect assignment to AssignOrgRoleOrgZoneResourceRole as Initiator.
AssignPersonOrgRoleOrgZoneDirect assignment to AssignPersonOrgRoleOrgZone as Initiator.
AssignPersonResourceRoleDirect assignment to AssignPersonResourceRole as Initiator.
AssignSecondaryBusinessRoleandLocationSimpleUIDirect assignment to AssignSecondaryBusinessRoleandLocationSimpleUI as Initiator.
AssignTokenToPersonDirect assignment to AssignTokentoPerson as Initiator.
AuthenticationLevel2OATHLoginDirect assignment to AuthenticationLevel2OATHLogin as Initiator.
Bulk Create People From AccountsDirect assignment to Bulk Create People From Accounts as Initiator.
BulkAddRemoveExchangeMailboxEmailAddressesDirect assignment to BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
BulkChangePrimaryBusinessRoleAndLocationNonUIDirect assignment to BulkChangePrimaryBusinessRoleAndLocationNonUI as Initiator.
BulkCreatePeopleDirect assignment to BulkCreatePeople as Initiator.
BulkHideInGALDirect assignment to BulkHideInGAL as Initiator.
BulkMailenableGroupDirect assignment to BulkMailenableGroup as Initiator.
ChangePasswordDirect assignment to ChangePassword as Initiator.
ChangePrimaryBusinessRoleLocationSimpleUIDirect assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
ChangePrimaryOrgRoleOrgZoneDirect assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
ClaimAccountDirect assignment to ClaimAccount as Initiator.
ClaimPasswordVaultAccountDirect assignment to ClaimPasswordVaultAccount as Initiator.
CopyUserDirect assignment to CopyUser as Initiator.
CreateADGroupDirect assignment to CreateADGroup as Initiator.
CreateBusinessRoleDirect assignment to CreateBusinessRole as Initiator.
CreateEquipmentDirect assignment to CreateEquipment as Initiator.
CreateExchangeMailboxDirect assignment to CreateExchangeMailbox as Initiator.
CreateGroupDirect assignment to CreateGroup as Initiator.
CreateLocationDirect assignment to CreateLocation as Initiator.
CreateOUDirect assignment to CreateOU as Initiator.
CreatePeopleFromFileDirect assignment to CreatePeopleFromFile as Initiator.
CreatePersonAndAccountDirect assignment to CreatePersonAndAccount as Initiator.
CreatePersonFromAccountDirect assignment to CreatePersonFromAccount as Initiator.
CreatePersonSimpleDirect assignment to CreatePersonSimple as Initiator.
CreatePersonSuperSimpleDirect assignment to CreatePersonSuperSimple as Initiator.
CreateResourceMailboxDirect assignment to CreateResourceMailbox as Initiator.
CreateTOTPTokenDirect assignment to CreateTOTPToken as Initiator.
CreateUserDirect assignment to CreateUser as Initiator.
CreateUserAccountDirect assignment to CreateUserAccount as Initiator.
CreateUserAndMailboxDirect assignment to CreateUserAndMailbox as Initiator.
CreateUserHomeFolderDirect assignment to CreateUserHomeFolder as Initiator.
CreateUserMailboxDirect assignment to CreateUserMailbox as Initiator.
DeleteAccountDirect assignment to DeleteAccount as Initiator.
DeleteComputerDirect assignment to DeleteComputer as Initiator.
DeleteExchangeMailboxAddressDirect assignment to DeleteExchangeMailboxAddress as Initiator.
DeleteGroupDirect assignment to DeleteGroup as Initiator.
DeleteMailboxDirect assignment to DeleteMailbox as Initiator.
DeleteOUAndItsChildObjectsDirect assignment to DeleteOUAndItsChildObjects as Initiator.
DisableAccountDirect assignment to DisableAccount as Initiator.
DisableAutoAcceptDirect assignment to DisableAutoAccept as Initiator.
DisableComputerDirect assignment to DisableComputer as Initiator.
DisableMailboxDirect assignment to DisableMailbox as Initiator.
DisableOWADirect assignment to DisableOWA as Initiator.
DisableWirelessDirect assignment to DisableWireless as Initiator.
EditAcceptMessagesFromDirect assignment to EditAcceptMessagesFrom as Initiator.
EditAccountDirect assignment to EditAccount as Initiator.
EditADUserHomeFolderDirect assignment to EditADUserHomeFolder as Initiator.
EditAttestationPolicyNoUIDirect assignment to EditAttestationPolicyNoUI as Initiator.
EditBulkAccountDirect assignment to EditBulkAccount as Initiator.
EditExchangeMailboxAddressDirect assignment to EditExchangeMailboxAddress as Initiator.
EditGroupDirect assignment to EditGroup as Initiator.
EditMailboxDirect assignment to EditMailbox as Initiator.
EditMailForwardingDirect assignment to EditMailForwarding as Initiator.
EditOrgZoneResourceTypeRoleTimeConstraintDirect assignment to EditOrgZoneResourceTypeRoleTimeConstraint as Initiator.
EditOUDirect assignment to EditOU as Initiator.
EditPasswordVaultAccountDirect assignment to EditPasswordVaultAccount as Initiator.
EditPersonDirect assignment to EditPerson as Initiator.
EditPersonDemographicsDirect assignment to EditPersonDemographics as Initiator.
EditRejectMessagesFromDirect assignment to EditRejectMessagesFrom as Initiator.
EditSeparationOfDutiesPolicyNoUIDirect assignment to EditSeparationOfDutiesPolicyNoUI as Initiator.
EditSharePointPersonProfileDirect assignment to EditSharePointPersonProfile as Initiator.
EditSMTPAddressesDirect assignment to EditSMTPAddresses as Initiator.
EditUserDemographicsDirect assignment to EditUserDemographics as Initiator.
EditVisibilityRBACObjectFilterDirect assignment to EditVisibilityRBACObjectFilter as Initiator.
EnableAccountDirect assignment to EnableAccount as Initiator.
EnableAutoAcceptDirect assignment to EnableAutoAccept as Initiator.
EnableComputerDirect assignment to EnableAutoAccept as Initiator.
EnableMailboxWithBasicQuotaDirect assignment to EnableMailboxWithBasicQuota as Initiator.
EnableMailboxWithCorpQuotaDirect assignment to EnableMailboxWithCorpQuota as Initiator.
EnableOWADirect assignment to EnableOWA as Initiator.
EnableWirelessDirect assignment to EnableWireless as Initiator.
EnrollDirect assignment to Enroll as Initiator.
EnrollmentDirect assignment to Enrollment as Initiator.
GetAndUpdateProfileWFDirect assignment to GetAndUpdateProfileWF as Initiator.
HelpdeskAccountUnlockDirect assignment to HelpdeskAccountUnlock as Initiator.
HelpdeskPasswordResetDirect assignment to HelpdeskPasswordReset as Initiator.
HelpdeskSendOTPDirect assignment to HelpdeskSendOTP as Initiator.
HideDLFromGALDirect assignment to HideDLFromGAL as Initiator.
HideMailboxDirect assignment to HideMailbox as Initiator.
ImportOathTokensDirect assignment to ImportOathTokens as Initiator.
JoinAccountToPersonDirect assignment to JoinAccountToPerson as Initiator.
LaptopAssetAssignmentDirect assignment to LaptopAssetAssignment as Initiator.
LaptopAssetProvisionDirect assignment to LaptopAssetProvision as Initiator.
LaptopAssetRegistrationDirect assignment to LaptopAssetRegistration as Initiator.
LDAPCreateAccountDirect assignment to LDAPCreateAccount as Initiator.
LDAPCreateGroupDirect assignment to LDAPCreateAccount as Initiator.
LDAPCreateOUDirect assignment to LDAPCreateAccount as Initiator.
LoginDirect assignment to Login as Initiator.
MailboxSizeDecreaseDirect assignment to MailboxSizeDecrease as Initiator.
MailboxSizeIncreaseDirect assignment to MailboxSizeIncrease as Initiator.
MailDisableAccountDirect assignment to MailDisableAccount as Initiator.
MailDisableGroupDirect assignment to MailDisableGroup as Initiator.
MailEnableAccountDirect assignment to MailEnableAccount as Initiator.
MailEnableGroupDirect assignment to MailEnableGroup as Initiator.
Move ComputerDirect assignment to Move Computer as Initiator.
MoveGroupDirect assignment to MoveGroup as Initiator.
MoveMailboxDirect assignment to MoveMailbox as Initiator.
MovePeopleFromOrgRoleOrgZoneToAnotherDirect assignment to MovePeopleFromOrgRoleOrgZoneToAnother as Initiator.
OrgRoleEditDirect assignment to OrgRoleEdit as Initiator.
PasswordExpirationNotificationDirect assignment to PasswordExpirationNotification as Initiator.
PasswordResetCenterDirect assignment to PasswordResetCenter as Initiator.
PasswordCenterOTPDirect assignment to PasswordCenterOTP as Initiator.
PersonAttributeDefaultValueEditNonResourceManagerDirect assignment to PersonAttributeDefaultValueEditNonResourceManager as Initiator.
PersonEditDirect assignment to PersonEdit as Initiator.
PersonEditNonResourceManagerDirect assignment to PersonEditNonResourceManager as Initiator.
PersonNewDirect assignment to PersonNew as Initiator.
PersonPhotoApprovalDirect assignment to PersonPhotoApproval as Initiator.
ProfileManagerDirect assignment to ProfileManager as Initiator.
ProvisionAssetTypeRequestDirect assignment to ProvisionAssetTypeRequest as Initiator.
ProvisionAttestationPolicyDirect assignment to ProvisionAttestationPolicy as Initiator.
ProvisionCatalogRequestDirect assignment to ProvisionCatalogRequest as Initiator.
ProvisionComputerDirect assignment to ProvisionComputer as Initiator.
ProvisionSeparationOfDutiesDirect assignment to ProvisionSeparationOfDuties as Initiator.
ProvisionVisibilityRBACObjectFilterDirect assignment to ProvisionVisibilityRBACObjectFilter as Initiator.
ProvisionVisibilityRBACObjectSelectColumnDirect assignment to ProvisionVisibilityRBACObjectSelectColumn as Initiator.
ReinstateExchangeMailboxDirect assignment to ReinstateExchangeMailbox as Initiator.
RemoveAccountsFromGroupsDirect assignment to RemoveAccountsFromGroups as Initiator.
RemoveGroupAccountDirect assignment to RemoveGroupAccount as Initiator.
RemoveGroupOrgRoleOrgZoneDirect assignment to RemoveGroupOrgRoleOrgZone as Initiator.
RemoveGroupResourceRoleNoUIDirect assignment to RemoveGroupResourceRoleNoUI as Initiator.
RemoveGroupsFromGroupDirect assignment to RemoveGroupsFromGroup as Initiator.
RemoveOrgRoleOrgZoneFromGroupsDirect assignment to RemoveOrgRoleOrgZoneFromGroups as Initiator.
RemovePersonOrgRoleOrgZoneDirect assignment to RemovePersonOrgRoleOrgZone as Initiator.
RemovePersonOrgRoleOrgZoneNoUIDirect assignment to RemovePersonOrgRoleOrgZoneNoUI as Initiator.
RemovePersonResourceRoleNoUIDirect assignment to RemovePersonResourceRoleNoUI as Initiator.
RemoveRbacAssignmentFromManagementRoleDirect assignment to RemoveRbacAssignmentFromManagementRole as Initiator.
RemoveRbacResourceRoleAssignmentDirect assignment to RemoveRbacResourceRoleAssignment as Initiator.
RemoveRbacResourceRoleAssignmentAsActorDirect assignment to RemoveRbacResourceRoleAssignmentAsActor as Initiator.
RemoveResourceFromOrgZoneDirect assignment to RemoveResourceFromOrgZone as Initiator.
RemoveResourceOrgZoneNoUIDirect assignment to RemoveResourceOrgZoneNoUI as Initiator.
ResetComputerDirect assignment to ResetComputer as Initiator.
ResetAccountPasswordDirect assignment to ResetAccountPassword as Initiator.
ResetPasswordDirect assignment to ResetPassword as Initiator.
ResetPasswordVaultAccountPasswordDirect assignment to ResetPasswordVaultAccountPassword as Initiator.
Resource Manager Delete PersonDirect assignment to Resource Manager Delete Person as Initiator.
Resource Manager Update ComputerDirect assignment to Resource Manager Update Computer as Initiator.
Resource Manager Update OrgZoneDirect assignment to Resource Manager Update OrgZone as Initiator.
Resource Manager Update PersonDirect assignment to Resource Manager Update Person as Initiator.
ResourceEntitlementEditNonResourceManagerDirect assignment to ResourceEntitlementEditNonResourceManager as Initiator.
ResourceManagerAccountDeleteDirect assignment to ResourceManagerAccountDelete as Initiator.
ResourceManagerAccountUpdateDirect assignment to ResourceManagerAccountUpdate as Initiator.
ResourceManagerEditGroupDirect assignment to ResourceManagerEditGroup as Initiator.
ResourceManagerUpdateMailboxDirect assignment to ResourceManagerUpdateMailbox as Initiator.
RestoreDeletedAccountDirect assignment to RestoreDeletedAccount as Initiator.
RevokeResourceRoleNoUIDirect assignment to RevokeResourceRoleNoUI as Initiator.
SelfServiceAccountJoinGroupDirect assignment to SelfServiceAccountJoinGroup as Initiator.
SelfServicePersonJoinGroupDirect assignment to SelfServicePersonJoinGroup as Initiator.
SelfServicePersonLeaveGroupDirect assignment to SelfServicePersonLeaveGroup as Initiator.
SetAsPrimaryExchangeMailboxAddressDirect assignment to SetAsPrimaryExchangeMailboxAddress as Initiator.
SetUserManagerDirect assignment to SetUserManager as Initiator.
ShowDLInGALDirect assignment to ShowDLInGAL as Initiator.
ShowMailboxDirect assignment to ShowMailbox as Initiator.
SubmitSingleAttestationResponseDirect assignment to SubmitSingleAttestationResponse as Initiator.
SubmitSingleSodViolationResponseDirect assignment to SubmitSingleSodViolationResponse as Initiator.
TerminatePersonDirect assignment to TerminatePerson as Initiator.
UnenrollPersonDirect assignment to UnenrollPerson as Initiator.
UnlockAccountDirect assignment to UnlockAccount as Initiator.
UnlockFromRecoveryCenterDirect assignment to UnlockFromRecoveryCenter as Initiator.
UnlockPersonAndAccountsDirect assignment to UnlockPersonAndAccounts as Initiator.
UpdateDirectAssignmentTimeConstraintDirect assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
UpdateGroupAccountMembershipDirect assignment to UpdateGroupAccountMembership as Initiator.
UpdateGroupBusinessRolesDirect assignment to UpdateGroupBusinessRoles as Initiator.
UpdateManagementRoleAssignmentsDirect assignment to UpdateManagementRoleAssignments as Initiator.
UpdateOrgRoleListAsSuggestedOrgZonesDirect assignment to UpdateOrgRoleListAsSuggestedOrgZones as Initiator.
UpdateOrgRoleOrgZoneGroupsDirect assignment to UpdateOrgRoleOrgZoneGroups as Initiator.
UpdateOrgRoleOrgZonePasswordManagerPolicyIDDirect assignment to UpdateOrgRoleOrgZonePasswordManagerPolicyID as Initiator.
UpdateOrgRoleOrgZonePeopleDirect assignment to UpdateOrgRoleOrgZonePeople as Initiator.
UpdateOrgRoleOrgZoneProfileManagerPolicyIDDirect assignment to UpdateOrgRoleOrgZoneProfileManagerPolicyID as Initiator.
UpdateOrgRoleOrgZoneSetGroupIDDirect assignment to UpdateOrgRoleOrgZoneSetGroupID as Initiator.
UpdateOrgRoleOrgZoneSetGroupsDirect assignment to UpdateOrgRoleOrgZoneSetGroups as Initiator.
UpdatePasswordManagerPolicyAssignmentsDirect assignment to UpdatePasswordManagerPolicyAssignments as Initiator.
UpdateProtectedApplicationsDirect assignment to UpdateProtectedApplications as Initiator.
UpdateResourceAssignmentsDirect assignment to UpdateResourceAssignments as Initiator.
UpdateResourceAssignmentsByResourceDirect assignment to UpdateResourceAssignmentsByResource as Initiator.
UpdateResourceTypeRoleOperationsDirect assignment to UpdateResourceTypeRoleOperations as Initiator.
UpdateResourceTypeRoleRightsDirect assignment to UpdateResourceTypeRoleRights as Initiator.
UpdateSSOApplicationDirect assignment to UpdateSSOApplication as Initiator.
UpdateSSOApplicationDefinitionDirect assignment to UpdateSSOApplicationDefinition as Initiator.
ViewPersonDirect assignment to ViewPerson as Initiator.





Users with this Management Role have enterprise-wide ability to perform limited management of users, people and groups.


\\



In this table, the Assignment Type is Scope At Location, and the Access Level is Help Desk.



\\


Resource TypeAssignment Description
PersonAssignment to any Person as Help Desk scoped at Anywhere
User AccountAssignment to any User Account as Help Desk scoped at Anywhere.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Resource Manager: Access Granted To AccountDirect assignment to Resource Manager: Access Granted To Account as Viewer.
Resource Manager: Access Granted To GroupDirect assignment to Resource Manager: Access Granted To Group as Viewer.
Resource Manager: Access Granted To PersonAssignment to Resource Manager:Access Granted To Person as Viewer.
Resource Manager: Account Resultant Set Of Resource RolesAssignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Resource Manager: Audit History By PersonDirect assignment to Resource Manager: Audit History By Person as Viewer.
Resource Manager: EnforcementDirect assignment to Resource Manager: Enforcement as Viewer.
Resource Manager: Group AccountDirect assignment to Resource Manager: Group Account as Viewer.
Resource Manager: Group Account History By AccountDirect assignment to Resource Manager: Group Account History By Account as Viewer.
Resource Manager: Group Account History By GroupDirect Assignment to Resource Manager: Group Account History By Group.
Resource Manager: Group Account History By PersonDirect assignment to Resource Manager: Group Account History By Person as Viewer.
Resource Manager: Group Group MembershipDirect assignment to Resource Manager: Group Group Membership as Viewer.
Resource Manager: Group Resultant Set of Resource RolesDirect assignment to Resource Manager: Group Resultant Set of Resource Roles as Viewer.
Resource Manager: Person AccountDirect assignment to Resource Manager: Person Account as Viewer.
Resource Manager: Person Business RolesDirect assignment to Resource Manager: Person Business Roles as Viewer.
Resource Manager: Person Group MembershipDirect assignment to Resource Manager: Person Group Membership as Viewer.
Resource Manager: Person Resultant Set Of Resource RolesAssignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Resource Manager: SecurityDirect assignment to Resource Manager: Security as Viewer.
Windows File Share Resource Type dropdown itemDirect assignment to Windows File Share Resource Type dropdown item as Viewer.
Windows Print Share Resource Type dropdown itemDirect assignment to Windows Print Share Resource Type dropdown item as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
AccountManager.aspxDirect assignment to AccountManager.aspx as Viewer.
AccountsWithoutManagerDirect assignment to AccountsWithoutManager as Viewer.
ActionsByPersonDirect assignment to ActionsByPerson as Viewer.
ActionsToPersonDirect assignment to ActionsToPerson as Viewer.
AddressesDirect assignment to Addresses as Viewer.
ChangeManager.aspxDirect assignment to ChangeManager.aspx as Viewer.
Delegations management pageDirect assignment to Delegations management page as Viewer.
DeletedGroupsDirect assignment to DeletedGroups as Viewer.
DeletedPeopleDirect assignment to DeletedPeople as Viewer.
DeletedUsersDirect assignment to DeletedUsers as Viewer.
Directory ManagerDirect assignment to Directory Manager as Viewer.
DisabledUsersDirect assignment to DisabledUsers as Viewer.
DomainControllersDirect assignment to DomainControllers as Viewer.
EmptyGroupsDirect assignment to EmptyGroups as Viewer.
Find Computer PageDirect assignment to Find Computer Page as Viewer.
Find Group PageDirect assignment to Find Group Page as Viewer.
Find OrgRolOrgZone PageDirect assignment to Find OrgRoleOrgZone Page as Viewer.
Find ProtectedApplicationResourceApplication PageDirect assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
Find User Account PageDirect assignment to Find User Account Page as Viewer.
GroupMembersForGroupDirect assignment to GroupMembersForGroup as Viewer.
GroupMembershipChangesDirect assignment to GroupMembershipChanges as Viewer.
GroupMembershipChangesHighSecurityDirect assignment to GroupMembershipChangesHighSecurity as Viewer.
GroupMembershipForAccountDirect assignment to GroupMembershipForAccount as Viewer.
GroupMembershipForPersonDirect assignment to GroupMembershipForPerson as Viewer.
Identity ManagerDirect assignment to Identity Manager as Viewer.
LockedOutUsersDirect assignment to LockedOutUsers as Viewer.
LoginHistoryDirect assignment to LoginHistory as Viewer.
LoginsByLocationDirect assignment to LoginsByLocation as Viewer.
MembershipChangesByAccountDirect assignment to MembershipChangesByAccount as Viewer.
MembershipChangesByGroupDirect assignment to MembershipChangesByGroup as Viewer.
MembershipChangesByPersonDirect assignment to MembershipChangesByPerson as Viewer.
OrphanAccountsByLocationDirect assignment to OrphanAccountsByLocation as Viewer.
PasswordManagementActivityByDateDirect assignment to PasswordManagementActivityByDate as Viewer.
PasswordManagerEnrollmentDirect assignment to PasswordManagerEnrollment as Viewer.
PasswordManagerNotEnrolledDirect assignment to PasswordManagerNotEnrolled as Viewer.
PeopleByRoleandLocationDirect assignment to PeopleByRoleandLocationas Viewer.
PeopleByRoleReportDirect assignment to PeopleByRoleReport as Viewer.
PeopleWithoutAccountsDirect assignment to PeopleWithoutAccounts as Viewer.
PersonLoginHistoryDirect assignment to PersonLoginHistory as Viewer.
PersonManager.aspxDirect assignment to PersonManager.aspx as Viewer.
PossibleStaleComputersDirect assignment to PossibleStaleComputers as Viewer.
ResourceRolesForPersonDirect assignment to ResourceRolesForPerson as Viewer.
UserAttributeChangesDirect assignment to UserAttributeChanges as Viewer.
UsersNeverLoggedInDirect assignment to UsersNeverLoggedIn as Viewer.
UsersPasswordNeverExpiresDirect assignment to UsersPasswordNeverExpires as Viewer.
WorkflowsByInitiatorDirect assignment to WorkflowsByInitiator as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AccountRequestDirect assignment to AccountRequest as Initiator.
AccountRequestAdvancedDirect assignment to AccountRequestAdvanced as Initiator.
AccountRequestwithGroupDirect assignment to AccountRequestwithGroup as Initiator.
AddAcountsToGroupsDirect assignment to AddAccountsToGroups as Initiator.
AddPeopleToGroupsDirect assignment to AddPeopleToGroups as Initiator.
Bulk Create People From AccountsDirect assignment to Bulk Create People From Accounts as Initiator.
BulkCreatePeopleDirect assignment to BulkCreatePeople as Initiator.
ChangePasswordDirect assignment to ChangePassword as Initiator.
CopyUserDirect assignment to CopyUser as Initiator.
CreatePersonAndAccountDirect assignment to CreatePersonAndAccount as Initiator.
CreatePersonSimpleDirect assignment to CreatePersonSimple as Initiator.
CreateUserDirect assignment to CreateUser as Initiator.
CreateUserHomeFolderDirect assignment to CreateUserHomeFolder as Initiator.
DeleteComputerDirect assignment to DeleteComputer as Initiator.
DeleteOUAndItsChildObjectsDirect assignment to DeleteOUAndItsChildObjects as Initiator.
DisableAccountDirect assignment to DisableAccount as Initiator.
DisableComputerDirect assignment to DisableComputer as Initiator.
EditAccountDirect assignment to EditAccount as Initiator.
EditADUserHomeFolderDirect assignment to EditADUserHomeFolder as Initiator.
EditBulkAccountDirect assignment to EditBulkAccount as Initiator.
EditGroupDirect assignment to EditGroup as Initiator.
EditOUDirect assignment to EditOU as Initiator.
EditPersonDemographicsDirect assignment to EditPersonDemographics as Initiator.
EditUserDemographicsDirect assignment to EditUserDemographics as Initiator.
EnableAccountDirect assignment to EnableAccount as Initiator.
EnableComputerDirect assignment to EnableComputer as Initiator.
EnrollDirect assignment to Enroll as Initiator.
EnrollmentDirect assignment to Enrollment as Initiator.
GetAndUpdateProfileWFDirect assignment to GetAndUpdateProfileWF as Initiator.
HelpdeskAccountUnlockDirect assignment to HelpdeskAccountUnlock as Initiator.
HelpdeskPasswordResetDirect assignment to HelpdeskPasswordReset as Initiator.
HelpdeskSendOTPDirect assignment to HelpdeskSendOTP as Initiator.
LaptopAssetAssignmentDirect assignment to LaptopAssetAssignment as Initiator.
LaptopAssetProvisionDirect assignment to LaptopAssetProvision as Initiator.
LaptopAssetRegistrationDirect assignment to LaptopAssetRegistration as Initiator.
LoginDirect assignment to Login as Initiator.
Move computerDirect assignment to Move Computer as Initiator.
MoveGroupDirect assignment to MoveGroup as Initiator.
PasswordExpirationNotificationDirect assignment to PasswordExpirationNotification as Initiator.
PasswordResetCenterDirect assignment to PasswordResetCenter as Initiator.
PasswordResetCenterOTPDirect assignment to PasswordResetCenterOTP as Initiator.
PersonEditDirect assignment to PersonEdit as Initiator.
PersonNewDirect assignment to PersonNew as Initiator.
ProfileManagerDirect assignment to ProfileManager as Initiator.
ProvisionComputerDirect assignment to ProvisionComputer as Initiator.
RemoveAccountsFromGroupsDirect assignment to RemoveAccountsFromGroups as Initiator.
RemoveGroupAccountDirect assignment to RemoveGroupAccount as Initiator.
Reset ComputerDirect assignment to Reset Computer as Initiator.
ResetAccountPasswordDirect assignment to ResetAccountPassword as Initiator.
ResetPasswordDirect assignment to ResetPassword as Initiator.
ResourceManagerAccountDeleteDirect assignment to ResourceManagerAccountDelete as Initiator.
ResourceManagerAccountUpdateDirect assignment to ResourceManagerAccountUpdate as Initiator.
ResourceManagerEditGroupDirect assignment to ResourceManagerEditGroup as Initiator.
RestoreDeletedAccountDirect assignment to RestoreDeletedAccount as Initiator.
SelfServiceAccountJoinGroupDirect assignment to SelfServiceAccountJoinGroup as Initiator.
SelfServicePersonJoinGroupDirect assignment to SelfServicePersonJoinGroup as Initiator.
SelfServicePersonLeaveGroupDirect assignment to SelfServicePersonLeaveGroup as Initiator.
TestDatasourceDirect assignment to TestDatasource as Initiator.
UnlockAccountDirect assignment to UnlockAccount as Initiator.
UnlockFromRecoveryCenterDirect assignment to UnlockFromRecoveryCenter as Initiator.
UnlockPersonAndAccountsDirect assignment to UnlockPersonAndAccounts as Initiator.
ViewPersonDirect assignment to ViewPerson as Initiator.





Users with this Management Role have enterprise-wide ability to manage all user and person passwords.


\\


Assignment TypeResource TypeResourceAccess LevelAssignment Description
Scoped At LocationPersonN/APassword Reset and UnlockAssignment to any Person as Password Reset and Unlock scoped at Anywhere
DirectControl (User Interface)Request Center Global StatsViewerDirect assignment to Request Center Global Stats as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Directory ManagerDirect assignment to Directory Manager as Viewer.
DisabledUsersDirect assignment to DisabledUsers as Viewer.
HelpdeskView.aspxDirect assignment to HelpdeskView.aspx as Viewer.
Identity ManagerDirect assignment to Identity Manager as Viewer.
LockedOutUsersDirect assignment to LockedOutUsers as Viewer.
PasswordManagementActivityByDateDirect assignment to PasswordManagementActivityByDate as Viewer.
PasswordManagerEnrollmentDirect assignment to PasswordManagerEnrollment as Viewer.
PasswordManagerNotEnrolledDirect assignment to PasswordManagerNotEnrolled as Viewer.
UsersPasswordNeverExpiresDirect assignment to UsersPasswordNeverExpires as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ChangePasswordDirect assignment to ChangePassword as Initiator.
CreateTOTPTokenDirect assignment to CreateTOTPToken as Initiator.
EnrollDirect assignment to Enroll as Initiator.
EnrollmentDirect assignment to Enrollment as Initiator.
HelpdeskAccountUnlockDirect assignment to HelpdeskAccountUnlock as Initiator.
HelpdeskPasswordResetDirect assignment to HelpdeskPasswordReset as Initiator.
HelpdeskSendOTPDirect assignment to HelpdeskSendOTP as Initiator.
PasswordExpirationNotificationDirect assignment to PasswordExpirationNotification as Initiator.
PasswordResetCenterDirect assignment to PasswordResetCenter as Initiator.
PasswordResetCenterOTPDirect assignment to PasswordResetCenterOTP as Initiator.
ResetAccountPasswordDirect assignment to ResetAccountPassword as Initiator.
ResetPasswordDirect assignment to ResetPassword as Initiator.
UnenrollPersonDirect assignment to UnenrollPerson as Initiator.
UnlockFromRecoveryCenterDirect assignment to UnlockFromRecoveryCenter as Initiator.





Users with this Management Role have the ability to author RBAC policies and delegations.

This Management Role allows assignees to create, edit, and delete Management Roles and define the Resources Roles they grant. It is not intended for use in assigning people to Management Roles.


\\



In this table, the Assignment Type is Scoped At Location.



\\


Resource TypeAccess LevelAssignment Description
Access RequestAccess ManagerAssignment to any Access Request as Access Manager scoped at Anywhere.
AlertAccess ManagerAssignment to any Alert as Access Manager scoped at EmpowerID System.
ApplicationAccess ManagerAssignment to any Application as Access Manager scoped at EmpoewrID system.
Approval Routing GroupAccess ManagerAssignment to any Approval Routing Group as Access Manager scoped at EmpowerID System.
Asset RequestAccess ManagerAssignment to any Asset Request as Access Manager scoped at Anywhere.
AuditAccess ManagerAssignment to any Audit as Access Manager scoped at EmpowerID System.
Business RoleAccess ManagerAssignment to any Business Role as Access Manager scoped at EmpowerID System.
ComputerAccess ManagerAssignment to any Computer as Access Manager scoped at Anywhere.
Control (User Interface)Access ManagerAssignment to any Control (User Interface) as Access Manager scoped at EmpowerID System.
EmpowerID SystemAccess ManagerAssignment to any EmpowerID System as Access Manager scoped at EmpowerID System.
EmpowerID SystemAccess ManagerAssignment to any EmpowerID System as Access Manager scoped at Anywhere.
Exchange ContactAccess ManagerAssignment to any Exchange Contact as Access Manager scoped at Anywhere.
Exchange MailboxAccess ManagerAssignment to any Exchange Mailbox as Access Manager scoped at Anywhere.
Exchange Public FolderAccess ManagerAssignment to any Exchange Public Folder as Access Manager scoped at Anywhere.
External CredentialAccess ManagerAssignment to any External Credential as Access Manager scoped at Anywhere.
Folder (Shared)Access ManagerAssignment to any Folder (Shared) as Access Manager scoped at Anywhere.
Generic AssetAccess ManagerAssignment to any Generic Asset as Access Manager scoped at Anywhere.
Generic Asset (AD Protected)Access ManagerAssignment to any Generic Asset (AD Protected) as Access Manager scoped at Anywhere.
Group (Generic)Access ManagerAssignment to any Group (Generic) as Access Manager scoped at Anywhere.
Group (Security)Access ManagerAssignment to any Group (Security) as Access Manager scoped at Anywhere.
LocationAccess ManagerAssignment to any Location as Access Manager scoped at EmpowerID System.
Lync UserAccess ManagerAssignment to any Lync User as Access Manager scoped at Anywhere.
Management RoleAccess ManagerAssignment to any Management Role as Access Manager scoped at EmpowerID System.
Management RoleAdministratorAssignment to any Management Role as Administrator scoped at Anywhere.
Management Role DefinitionAccess ManagerAssignment to any Management Role Definition as Access Manager scoped at EmpowerID System.
OrganizationAccess ManagerAssignment to any Person as Access Manager scoped at EmpowerID System.
Pages and ReportsAccess ManagerAssignment to Pages and Reports as Access Manager scoped at EmpowerID System.
PersonResource Role AssigneeAssignment to any Person as Access Manager scoped at EmpowerID System.
Printer (Shared)Access ManagerAssignment to any Printer (Shared) as Access Manager scoped at Anywhere.
Query-Based Collection (SetGroup)Access ManagerAssignment to any Query-Based Collection (SetGroup) as Access Manager scoped at EmpowerID System.
Separation of Duties PolicyAccess ManagerAssignment to any Separation of Duties Policy as Access Manager scoped at Anywhere.
SSO ApplicationAccess ManagerAssignment to any SSO Application as Access Manager scoped at EmpowerID System.
SSO Application DefinitionAccess ManagerAssignment to any SSO Application Definition as Access Manager scoped at EmpowerID System.
SSO SAML ConnectionAccess ManagerAssignment to any SSO SAML Connection as Access Manager scoped at EmpowerID System.
SSO WS-Federation ConnectionAccess ManagerAssignment to any SSO WS-Federation Connection as Access Manager scoped at EmpowerID System.
User AccountAccess ManagerAssignment to any User Account as Access Manager scoped at EmpowerID System.
Web ServiceAccess ManagerAssignment to any Web Service as Access Manager scoped at EmpowerID System.
WorkflowAccess ManagerAssignment to any Workflow as Access Manager scoped at EmpowerID System.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Resource Manager: Management Role AssigneesDirect assignment to Resource Manager: Management Role Assignees as Viewer.
Resource Manager: Directly Assigned LocationsDirect assignment to Resource Manager: Directly Assigned Locations as Viewer
Management Role Resource Type dropdown itemDirect assignment to Management Role Resource Type dropdown as Viewer
Resource Manager: Management Role Resource Role AssignmentsDirect assignment to Resource Manager: Management Role Resource Role Assignments as Viewer
Resource Manager: Management Role Resultant Set of Resource RolesDirect assignment to Resource Manager: Management Role Resultant Set of Resource Roles as Viewer


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAccess LevelAssignment Description
AddRbacAssignmentToManagementRoleViewerDirect assignment to AddRbacAssignmentToManagementRole as Initiator
AddResourceOrgZoneInitiatorDirect assignment to AddResourceOrgZone as Initiator
DeleteManagementRoleViewerDirect assignment to DeleteManagementRole as Initiator
EditManagementRoleNoUIInitiatorDirect assignment to EditManagementRoleNoUI as Initiator
ProvisionManagementRoleInitiatorDirect assignment to ProvisionManagementRole as Initiator.
RemoveRbacAssignmentFromManagementRoleInitiatorDirect assignment to RemoveRbacAssignmentFromManagementRole as Initiator.
RemoveResourceFromOrgZoneInitiatorDirect assignment to RemoveResourceFromOrgZone as Initiator
RemoveResourceOrgZoneNoUIInitiatorDirect assignment to RemoveResourceOrgZoneNoUI as Initiator
UpdateResourceAssignmentsInitiatorDirect assignment to UpdateResourceAssignments as Initiator
UpdateResourceAssignmentsByResourceInitiatorDirect assignment to UpdateResourceAssignmentsByResource as Initiator





Users with this Management Role have enterprise-wide ability to manage all SharePoint webs and groups.


\\



In this table, the Assignment Type is Scoped At Location and the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
SharePoint GroupAssignment to any SharePoint Group as All Access (EmpowerID Admin) scoped at All IT Systems.
SharePoint Web SiteAssignment to any SharePoint Web Site as All Access (EmpowerID Admin) scoped at All IT Systems.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
AD Distribution Group Resource Type dropdown itemAssignment to AD Distribution Group Resource Type dropdown item as Viewer.
AD Security Group Resource Type dropdown itemAssignment to AD Security Group Resource Type dropdown item as Viewer.
Deleted GroupsDirect assignment to Deleted Groups as Viewer.
Group Membership Change LogAssignment to Group Membership Change Log as Viewer.
My Workspace: Service CatalogDirect assignment to My Workspace: Directory as Viewer.
My Workspace: ColleaguesDirect assignment to My Workspace: Colleagues as Viewer.
My Workspace: DirectoryDirect assignment to My Workspace: Directory as Viewer.
My Workspace: My Actions In WorkflowsDirect assignment to My Workspace: My Actions In Workflows as Viewer.
My Workspace: My Business RolesDirect assignment to My Workspace: My Business Roles as Viewer.
My Workspace: My Email AddressesDirect assignment to My Workspace: My Email Addresses as Viewer.
My Workspace: My Login HistoryDirect assignment to My Workspace: My Login History as Viewer.
My Workspace: My MembershipDirect assignment to My Workspace: My Membership as Viewer.
My Workspace: My Membership ChangesDirect assignment to My Workspace: My Membership Changes as Viewer.
My Workspace: My Security AssignmentsDirect assignment to My Workspace: My Security Assignments as Viewer.
My Workspace: My User AccountsDirect assignment to My Workspace: My User Accounts as Viewer.
My Workspace: My Workflow DecisionsDirect assignment to My Workspace: My Workflow Decisions as Viewer.
My Workspace: ReportsDirect assignment to My Workspace: Reports as Viewer.
My Workspace: Task ListDirect assignment to My Workspace: Task List as Viewer.
Person Login HistoryDirect assignment to Person Login History as Viewer.
Recently Created ObjectsDirect assignment to Recently Created Objects as Viewer.
Request Center Global StatsDirect assignment to Request Center Global Stats asViewer.
Resource Access LevelsDirect assignment to Resource Access Levels as Viewer.
Resource Manager: Access Granted To AccountDirect Assignment to Resource Manager: Access Granted To Account.
Resource Manager:Access Granted To GroupAssignment to Resource Manager:Access Granted To Group as Viewer.
Resource Manager: Access Granted To PersonDirect assignment to Resource Manager: Access Granted To Person as Viewer.
Resource Manager: Account Resultant Set Of Resource RolesDirect assignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Resource Manager: Audit History By PersonDirect assignment to Resource Manager: Audit History By Person as Viewer.
Resource Manager: Directly Assigned LocationsAssignment to Resource Manager: Directly Assigned Locations Resource Role Assignment as Viewer.
Resource Manager: Email AddressesDirect assignment to Resource Manager: Email Addresses as Viewer.
Resource Manager: EnforcementDirect assignment to Resource Manager: Enforcement as Viewer.
Resource Manager: Group AccountDirect assignment to Resource Manager: Group Account as Viewer.
Resource Manager: Group Account History By AccountAssignment to Resource Manager: Group Account History By Account as Viewer.
Resource Manager: Group Account History By GroupAssignment to Resource Manager: Group Account History By Group as Viewer.
Resource Manager: Group Account History By PersonDirect assignment to Resource Manager: Group Account History By Person as Viewer.
Resource Manager: Group Group MembershipDirect assignment to Resource Manager: Group Group Membership as Viewer.
Resource Manager: Group Resultant Set Of Resource RolesDirect assignment to Resource Manager: Group Resultant Set of Resource Roles as Viewer.
Resource Manager: Management Role AssigneesAssignment to Resource Manager: Management Role Assignees as Viewer.
Resource Manager: Management Role Definition Resource Role AssignmentAssignment to Resource Manager: Management Role Definition Resource Role Assignment as Viewer.
Resource Manager: Management Role Resource Role AssignmentsDirect assignment to Resource Manager: Management Role Resource Role Assignments as Viewer.
Resource Manager: Person AccountDirect assignment to Resource Manager: Person Account as Viewer.
Resource Manager: Person Business RolesDirect assignment to Resource Manager: Person Business Roles as Viewer.
Resource Manager: Person Group MembershipDirect assignment to Resource Manager: Person Group Membership as Viewer.
Resource Manager: Person Resultant Set Of Resource RolesDirect assignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Resource Manager: Resource Role GroupsAssignment to Resource Manager: Resource Role Groups as Viewer.
Resource Manager: Resultant Set of SecurityDirect assignment to Resource Manager: Resultant Set of Security as Viewer.
Resource Manager: Resultant Resource LocationsAssignment to Resource Manager: Resultant Resource Locations as Viewer.
Resource Manager: Resultant Set Of Operation AssignmentsDirect assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Resource Manager: Resultant Set Of Rights AssignmentsDirect assignment to Resource Manager: Resultant Set of Rights Assignments as Viewer.
Resource Manager: Resultant Set of Security SecurityDirect assignment to Resource Manager: Resultant Set of Security Security as Viewer.
Resource Manager: RRs To Business RolesDirect assignment to Resource Manager: RRs To Business Roles as Viewer.
Resource Manager: SecurityDirect assignment to Resource Manager: Security as Viewer.
SharePoint Group Resource type dropdown itemAssignment to SharePoint Group Resource type dropdown item as Viewer.
SharePoint Web Resource type dropdown itemAssignment to SharePoint Web Resource type dropdown item as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Find SharePointGroup PageDirect assignment to Find SharePointGroup Page as Viewer.
Find SharePointWeb PageDirect assignment to Find SharePointWeb Page as Viewer.
GroupManager.aspxDirect assignment to GroupManager.aspx as Viewer.
PersonManger.aspxDirect assignment to PersonManager.aspx as Viewer.
SimpleWhitePages.aspxDirect assignment to SimpleWhitePages.aspx as Viewer.
WhitePages.aspxDirect assignment to WhitePages.aspx as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AddGroupResourceRoleDirect assignment to AddGroupResourceRole as Initiator.
AddGroupsToGroupDirect assignment to AddGroupsToGroup as Initiator.
AddPeopleToGroupsDirect assignment to AddPeopleToGroups as Initiator.
EditSharePointPersonProfileDirect assignment to EditSharePointPersonProfile as Initiator.





Users with this Management Role have enterprise-wide ability to manage all users.


\\



In this table, the Assignment Type is Scoped At Location and the Access Level is Viewer.



\\


Resource TypeAssignment Description
PersonAssignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere.
User AccountAssignment to any User Account as EmpowerID Administrator scoped at Anywhere.
Exchange AccountAssignment to any Exchange Contact as EmpowerID Administrator scoped at Anywhere.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Account Resource Type dropdown itemDirect assignment to Account Resource Type dropdown item as Viewer.
DeletedAccountsDirect assignment to DeletedAccounts as Viewer.
Deleted Exchange MailboxesDirect assignment to Deleted Exchange Mailboxes as Viewer.
Deleted GroupsDirect assignment to Deleted Groups as Viewer.
Deleted Person ObjectsDirect assignment to Deleted Person Objects as Viewer.
Exchange Mail Contact Resource Type dropdown itemDirect assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Group Membership Change LogDirect assignment to Group Membership Change Log as Viewer.
Inbound Attribute ChangesDirect assignment to Inbound Attribute Changes as Viewer.
New Account InboxDirect assignment to New Account Inbox as Viewer.
Operation Audit LogDirect assignment to Operation Audit Log as Viewer.
Orphan AccountsDirect assignment to Orphan Accounts as Viewer.
Outbound Attribute ChangesDirect assignment to Outbound Attribute Changes as Viewer.
Person Manager EnrollmentDirect assignment to Password Manager Enrollment as Viewer.
Person Login HistoryDirect assignment to Person Login History as Viewer.
Person Resource Type dropdown itemDirect assignment to Person Resource Type dropdown item as Viewer.
Recently Created ObjectsDirect assignment to Recently Created Objects as Viewer.
Request Center Global StatsDirect assignment to Request Center Global Stats as Viewer.
Resource Manager: Access Granted To AccountDirect Assignment to Resource Manager: Access Granted To Account.
Resource Manager: Access Granted To GroupAssignment to Resource Manager: Access Granted To Group as Viewer.
Resource Manager: Access Granted To PersonDirect assignment to Resource Manager: Access Granted To Person as Viewer.
Resource Manager: Account Resultant Set Of Resource RolesDirect assignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Resource Manager: Audit History By PersonDirect assignment to Resource Manager: Audit History By Person as Viewer.
Resource Manager: Group AccountDirect assignment to Resource Manager: Group Account as Viewer.
Resource Manager: Group Account History By AccountAssignment to Resource Manager: Group Account History By Account as Viewer.
Resource Manager: Group Account History By GroupAssignment to Resource Manager: Group Account History By Group as Viewer.
Resource Manager: Group Account History By PersonDirect assignment to Resource Manager: Group Account History By Person as Viewer.
Resource Manager: Person AccountDirect assignment to Resource Manager: Person Account as Viewer.
Resource Manager: Person Business RolesDirect assignment to Resource Manager: Person Business Roles as Viewer.
Resource Manager: Person Group MembershipDirect assignment to Resource Manager: Person Group Membership as Viewer.
Resource Manager: Person Resultant Set Of Resource RolesDirect assignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Resource Manager: Resultant Resource LocationsDirect assignment to Resource Manager: Resultant Resource Locations as Viewer.
Resource Manager: Resultant Set of SecurityDirect assignment to Resource Manager: Resultant Set of Security as Viewer.
Resource Manager: SecurityDirect assignment to Resource Manager: security as Viewer.
Resources Pending RBAC ProcessingDirect assignment to Resources Pending RBAC Processing as Viewer.
Workflow Error LogDirect assignment to Workflow Error Log as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
AccountManager.aspxDirect assignment to AccountManager.aspx as Viewer.
ChangeManager.aspxDirect assignment to ChangeManager.aspx as Viewer.
Create Application pageDirect assignment to Create Application page as Viewer.
Find ProtectedApplicationResourceApplication pageDirect assignment to Find ProtectedApplicationResourceApplication page as Viewer.
HelpdeskView.aspxDirect assignment to HelpdeskView.aspx as Viewer.
PersonManger.aspxDirect assignment to PersonManager.aspx as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AccountRequestDirect assignment to AccountRequest as Initiator.
AccountRequestAdvancedDirect assignment to AccountRequestAdvanced as Initiator.
AccountRequestwithGroupDirect assignment to AccountRequestwithGroup as Initiator.
AddAccountsToGroupsDirect assignment to AddAccountsToGroups as Initiator.
AddPeopleToGroupsDirect assignment to AddPeopleToGroups as Initiator.
Bulk Create People From AccountsDirect assignment to Bulk Create People From Accounts as Initiator.
BulkCreatePeopleDirect assignment to BulkCreatePeople as Initiator.
BulkMailenableGroupDirect assignment to BulkMailenableGroup as Initiator.
ChangePasswordDirect assignment to ChangePassword as Initiator.
ChangePrimaryBusinessRoleLocationSimpleUIDirect assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
ChangePrimaryOrgRoleOrgZoneDirect assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
ClaimAccountDirect assignment to ClaimAccount as Initiator.
CopyUserDirect assignment to CopyUser as Initiator.
CreatePersonAndAccountDirect assignment to CreatePersonAndAccount as Initiator.
CreatePersonFromAccountDirect assignment to CreatePersonFromAccount as Initiator.
CreateUserDirect assignment to CreateUser as Initiator.
CreateUserAccountDirect assignment to CreateUserAccount as Initiator.
CreateUserAndMailboxDirect assignment to CreateUserAndMailbox as Initiator.
CreateUserHomeFolderDirect assignment to CreateUserHomeFolder as Initiator.
DeleteAccountDirect assignment to DeleteAccount as Initiator.
DisableAccountDirect assignment to DisableAccount as Initiator.
EditAccountDirect assignment to EditAccount as Initiator.
EditADUserHomeFolderDirect assignment to EditADUserHomeFolder as Initiator.
EditBulkAccountDirect assignment to EditBulkAccount as Initiator.
EditPersonDemographicsDirect assignment to EditPersonDemographics as Initiator.
EditUserDemographicsDirect assignment to EditUserDemographics as Initiator.
EnableAccountDirect assignment to EnableAccount as Initiator.
EnrollDirect assignment to Enroll as Initiator.
EnrollmentDirect assignment to Enrollment as Initiator.
GetAndUpdateProfileWFDirect assignment to Request Workflow:GetAndUpdateProfileWF as Initiator.
HelpdeskAccountUnlockDirect assignment to HelpdeskAccountUnlock as Initiator.
HelpdeskPasswordResetDirect assignment to HelpdeskPasswordReset as Initiator.
HelpdeskSendOTPDirect assignment to HelpdeskSendOTP as Initiator.
JoinAccountToPersonDirect assignment to JoinAccountToPerson as Initiator.
MailEnableAccountDirect assignment to MailEnableAccount as Initiator.
PasswordExpirationNotificationDirect assignment to PasswordExpirationNotification as Initiator.
PasswordResetCenterDirect assignment to PasswordResetCenter as Initiator.
PasswordResetCenterOTPDirect assignment to PasswordResetCenterOTP as Initiator.
PersonEditDirect assignment to PersonEdit as Initiator.
PersonEditNonResourceManagerDirect assignment to PersonEditNonResourceManager as Initiator.
PersonNewDirect assignment to PersonNew as Initiator.
ProfileManagerDirect assignment to ProfileManager as Initiator.
RemoveAccountFromGroupsDirect assignment to RemoveAccountFromGroups as Initiator.
RemoveGroupAccountDirect assignment to RemoveGroupAccount as Initiator.
RemoveRbacResourceRoleAssignmentDirect assignment to RemoveRbacResourceRoleAssignment as Initiator.
ResetAccountPasswordDirect assignment to ResetAccountPassword as Initiator.
ResetPasswordDirect assignment to ResetPassword as Initiator.
ResourceManagerDeletePersonDirect assignment to ResourceManagerDeletePerson as Initiator.
ResourceManagerUpdatePersonDirect assignment to ResourceManagerUpdatePerson as Initiator.
ResourceManagerAccountDeleteDirect assignment to ResourceManagerAccountDelete as Initiator.
ResourceManagerAccountUpdateDirect assignment to ResourceManagerAccountUpdate as Initiator.
RestoreDeletedAccountDirect assignment to RestoreDeletedAccount as Initiator.
RETDeprovisionADAccountDirect assignment to RETDeprovisionADAccount as Initiator.
SelfServiceAccountJoinGroupDirect assignment to SelfServiceAccountJoinGroup as Initiator.
SelfServicePersonJoinGroupDirect assignment to SelfServicePersonJoinGroup as Initiator.
SelfServicePersonLeaveGroupDirect assignment to SelfServicePersonLeaveGroup as Initiator.
TerminatePersonDirect assignment to TerminatePerson as Initiator.
TestDatasourceDirect assignment to TestDatasource as Initiator.
UnenrollPersonDirect assignment to UnenrollPerson as Initiator.
Update PersonDirect assignment to Update Person as Initiator.
UnjoinAccountFromPersonDirect assignment to UnjoinAccountFromPerson as Initiator.
UnlockAccountDirect assignment to UnlockAccount as Initiator.
UnlockPersonAndAccountsDirect assignment to UnlockPersonAndAccounts as Initiator.
UnlockFromRecoveryCenterDirect assignment to EnableAccount as Initiator.
ViewPersonDirect assignment to ViewPerson as Initiator.





Users with this Management Role receive notifications of group membership changes.





Users with this Management Role have full access to the IT Shop workflows and user interfaces to allow access requests and resource management.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
IT Shop WorkflowsDirect Assignment to IT Shop Workflows as Viewer.
Shopping CartDirect Assignment to Shopping Cart as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
IT Shop I ManageDirect Assignment to IT Shop I Manage as Viewer.
IT Shop My AccessDirect Assignment to IT Shop My Access as Viewer.
IT Shop Request AccessDirect Assignment to IT Shop Request Access as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AddBusinessProcessTaskCommentDirect Assignment to AddBusinessProcessTaskComment as Initiator.
AddCommentToTaskDirect Assignment to AddCommentToTask as Initiator.
ClaimBusinessProcessTaskDirect Assignment to ClaimBusinessProcessTask as Initiator.
ClaimSSOAccountDirect Assignment to ClaimSSOAccount as Initiator.
CreateApplicationUserDirect Assignment to CreateApplicationUser as Initiator.
CreateAssetDirect Assignment to CreateAsset as Initiator.
CreateAssetMailboxDirect Assignment to CreateAssetMailbox as Initiator.
CreateGenericAssetDirect Assignment to CreateGenericAsset as Initiator.
ProvisionAssetForPersonDirect Assignment to ProvisionAssetForPerson as Initiator.
RemoveBusinessProcessTaskDelegateDirect Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
SetBusinessProcessTaskDelegateDirect Assignment to SetBusinessProcessTaskDelegate as Initiator.
TerminateWorkflowDirect Assignment to TerminateWorkflow as Initiator.
UnclaimBusinessProcessTaskDirect Assignment to UnclaimBusinessProcessTask as Initiator.
UpdateAccountGroupMembershipDirect Assignment to UpdateAccountGroupMembership as Initiator.
UpdateDirectAssignmentTimeConstraintDirect Assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
UpdateManagementRoleAssignmentsDirect Assignment to UpdateManagementRoleAssignments as Initiator.
UpdatePersonApplicationGroupMembershipDirect Assignment to UpdatePersonApplicationGroupMembership as Initiator.
UpdatePersonDirectAssignmentDirect Assignment to UpdatePersonDirectAssignment as Initiator.
UpdatePersonGroupMembershipDirect Assignment to UpdatePersonGroupMembership as Initiator.
UpdatePersonManagementRoleAssignmentsDirect Assignment to UpdatePersonManagementRoleAssignments as Initiator.
UpdatePersonManagementRolesDirect Assignment to UpdatePersonManagementRoles as Initiator.





Users with this Management Role have limited access to the IT Shop workflows and user interfaces to allow access requests and resource management.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
IT Shop WorkflowsDirect Assignment to IT Shop Workflows as Viewer.
Shopping CartDirect Assignment to Shopping Cart as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
IT Shop Request AccessDirect Assignment to IT Shop Request Access as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ClaimSSOAccountDirect Assignment to ClaimSSOAccount as Initiator.
CreateApplicationUserDirect Assignment to CreateApplicationUser as Initiator.
CreateAssetDirect Assignment to CreateAsset as Initiator.
CreateAssetMailboxDirect Assignment to CreateAssetMailbox as Initiator.
CreateGenericAssetDirect Assignment to CreateGenericAsset as Initiator.
ProvisionAssetForPersonDirect Assignment to ProvisionAssetForPerson as Initiator.
UpdateAccountGroupMembershipDirect Assignment to UpdateAccountGroupMembership as Initiator.
UpdateDirectAssignmentTimeConstraintDirect Assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
UpdatePersonApplicationGroupMembershipDirect Assignment to UpdatePersonApplicationGroupMembership as Initiator.
UpdatePersonDirectAssignmentDirect Assignment to UpdatePersonDirectAssignment as Initiator.
UpdatePersonGroupMembershipDirect Assignment to UpdatePersonGroupMembership as Initiator.
UpdatePersonManagementRoleAssignmentsDirect Assignment to UpdatePersonManagementRoleAssignments as Initiator.
UpdatePersonManagementRolesDirect Assignment to UpdatePersonManagementRoles as Initiator.





Users with this Management Role have the ability to perform delegated administration of people, users and groups within partner organizations. They can only see object in the partner organization.


\\



In this table, the Assignment Type is Person Relative Resource and the Access Level is All Access (EmpowerID Admin).



\\


Resource TypeAssignment Description
PersonAssignment to any person as All Access (EmpowerID Admin) that matches this criteria: People in organizations to which I belong.
User AccountAssignment to any user account as All Access (EmpowerID Admin) that matches this criteria: User accounts in organizations to which I belong.
Group (Security)Assignment to any group (security) as All Access (EmpowerID Admin) that matches this criteria: Security groups in organizations to which I belong.
Group (Distribution)Assignment to any group (distribution) as All Access (EmpowerID Admin) that matches this criteria: Distribution groups in organizations to which I belong.
Group (Generic)Assignment to any group (generic) as All Access (EmpowerID Admin) that matches this criteria: Generic groups in organizations to which I belong.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Account Resource Type Drop-down ItemDirect Assignment to Account Resource Type Drop-down Item as Viewer.
Group Resource Type Drop-down ItemDirect Assignment to Group Resource Type Drop-down Item as Viewer.
Person Resource Type Drop-down ItemDirect Assignment to Person Resource Type Drop-down Item as Viewer.
Global Person Search BoxDirect Assignment to Global Person Search Box as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Find Group PageDirect Assignment to Find Group Page as Viewer.
Find Person PageDirect Assignment to Find Person Page as Viewer.
Find User Account PageDirect Assignment to Find User Account Page as Viewer.
Person OnboardingDirect Assignment to Person Onboarding as Viewer.
View Account PageDirect Assignment to View Account Page as Viewer.
Create Person SimpleDirect Assignment to Create Person Simple as Viewer.
Edit Group PageDirect Assignment to Edit Group Page as Viewer.
Reset Password PageDirect Assignment to Reset Password Page as Viewer.
Edit Person PageDirect Assignment to Edit Person Page as Viewer.
Edit Account PageDirect Assignment to Edit Account Page as Viewer.
View Group PageDirect Assignment to View Group Page as Viewer.
View Person PageDirect Assignment to View Prson Page as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ChangePrimaryOrgRoleOrgZoneDirect Assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
HelpdeskPasswordResetDirect Assignment to HelpdeskPasswordReset as Initiator.
HelpdeskAccountUnlockDirect Assignment to HelpdeskAccountUnlock as Initiator.
UpdateAssignmentsDirect Assignment to UpdateAssignments as Initiator.
UpdatePersonAssignmentsDirect Assignment to UpdatePersonAssignments as Initiator.
ResourceManagerEditGroupDirect Assignment to ResourceManagerEditGroup as Initiator.
TemporaryGroupMembershipDirect Assignment to TemporaryGroupMembership as Initiator.
PersonEditNonResourceManagerDirect Assignment to PersonEditNonResourceManager as Initiator.
CreatePeopleFromFileDirect Assignment to CreatePeopleFromFile as Initiator.
CreatePersonDirect Assignment to CreatePerson as Initiator.
UpdateResourceTagsDirect Assignment to UpdateResourceTags as Initiator.
PersonPhotoApprovalDirect Assignment to PersonPhotoApproval as Initiator.
UpdateGroupAccountMembershipDirect Assignment to UpdateGroupAccountMembership as Initiator.
UpdatePersonRelationshipsDirect Assignment to UpdatePersonRelationships as Initiator.
UpdatePersonBusinessRolesDirect Assignment to UpdatePersonBusinessRoles as Initiator.
UpdateResourceLocationsDirect Assignment to UpdateResourceLocations as Initiator.
DisableMultiplePeopleWFDirect Assignment to DisableMultiplePeopleWF as Initiator.
EditPersonPhotoApprovalDirect Assignment to EditPersonPhotoApproval as Initiator.
DeleteMultiplePeopleWFDirect Assignment to DeleteMultiplePeopleWF as Initiator.
UpdatePersonGroupMembershipDirect Assignment to UpdatePersonGroupMembership as Initiator.





Provides limited access for partner users, typically password self-service and access to SSO applications. Can only see object in the partner organization.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Person Resource Type Drop-down ItemDirect Assignment to Person Resource Type Drop-down Item as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
View Self PageDirect Assignment to View Self Page as Viewer.
Edit Self PageDirect Assignment to Edit Self Page as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


Assignment TypeResource TypeResourceAccess LevelAssignment Description
DirectWorkflowPersonPhotoApprovalInitiatorDirect Assignment to PersonPhotoApproval as Initiator.
DirectWorkflowRequestDecisionsInitiatorDirect Assignment to RequestDecisions as Initiator.
DirectWorkflowPersonEditNonResourceManagerInitiatorDirect Assignment to PersonEditNonResourceManager as Initiator.





Grants access to the provisioning/joiner, mover, and deprovisioning/leaver request workflows. This role is often assigned to HR personnel.


\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Create Person SimpleDirect Assignment to Create Person Simple as Viewer.
Person OnboardingDirect Assignment to Person Onboarding as Viewer.
Person TerminationsDirect Assignment to Person Terminations as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ChangePrimaryOrgRoleOrgZoneDirect Assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
ChangePrimaryBusinessRoleLocationSimpleUIDirect Assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
DeleteMultiplePeopleWfDirect Assignment to DeleteMultiplePeopleWf as Initiator.
DisableMultiplePeopleWfDirect Assignment to DisableMultiplePeopleWf as Initiator.
RehireCheckWorkflowDirect Assignment to RehireCheckWorkflow as Initiator.





User with this Management Role can perform self-service tasks related to their passwords and profiles.


\\



In this table, the Assignment Type is Scoped At Location and the Access Level is Requestor.



\\


Resource TypeAssignment Description
Asset RequestAssignment to any Asset Request as Requestor scoped at Anywhere.
Access RequestAssignment to any Access Request as Requestor scoped at Anywhere.
AuditAssignment to Reviewer scoped at EmpowerID System.


\\



In this table, the Assignment Type is Scoped At Location and the Access Level is Can Use In Access Assignment.



\\


Resource TypeAssignment Description
PersonAssignment to any Person as Can Use In Access Assignment scoped at EmpowerID System.
PersonAssignment to any Person as Can Use In Access Assignment scoped at Anywhere.
User AccountAssignment to any User Account as Can Use In Access Assignment scoped at Anywhere.
Group (Generic)Assignment to any Group (Generic) as Can Use In Access Assignment scoped at Anywhere.
Group (Security)Assignment to any Group (Security) as Can Use In Access Assignment scoped at Anywhere.
Group (Distribution)Assignment to any Group (Distribution) as Can Use In Access Assignment scoped at Anywhere.
Query-Based Collection (SetGroup)Assignment to any Query-Based Collection (SetGroup) as Can Use In Access Assignment scoped at Anywhere.
Query-Based Collection (SetGroup)Assignment to any Query-Based Collection (SetGroup) as Can Use In Access Assignment scoped at EmpowerID System.
Business RoleAssignment to any Business Role as Can Use In Access Assignment scoped at EmpowerID System.
Business RoleAssignment to any Business Role as Can Use In Access Assignment scoped at Anywhere.
LocationAssignment to any Location as Can Use In Access Assignment scoped at EmpowerID System.
LocationAssignment to any Location as Can Use In Access Assignment scoped at Anywhere.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
My Workspace: HomeDirect assignment to My Workspace: Home as Viewer.
My Workspace: SSO ApplicationsDirect Assignment to My Workspace: SSO Applications To Account.
My Workspace: My Resource Operation DecisionsDirect Assignment to My Workspace: MY Resource Operation Decisions To Account.
My Workspace: Protected SSO ApplicationsDirect Assignment to My Workspace: Protected SSO Applications To Account.
My Workspace: My Security AssignmentsDirect Assignment to My Workspace: My Security Assignments To Account.
My Workspace: My Workflow DecisionsDirect Assignment to My Workspace: My Workflow Decisions To Account.
My Workspace: Task ListDirect Assignment to My Workspace: Task List To Account.
My Workspace: My Resultant AccessDirect Assignment to My Workspace: My Resultant Access To Account.
My Workspace: My Security AssignmentsDirect Assignment to My Workspace: My Security Assignments To Account.


\\



In this table, the Assignment Type is Direct, the Resource is Default Organization, and the Access Level is Viewer.



\\


Resource TypeAssignment Description
LocationDirect assignment to Default Organization as Viewer.
OrganizationDirect assignment to Default Organization as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Change Password Standalone WorkflowDirect assignment to Change Password Standalone Workflow as Viewer.
IT ShopDirect assignment to IT Shop as Viewer.
User Compliance DashboardDirect assignment to User Compliance Dashboard as Viewer.
White PagesDirect assignment to White Pages as Viewer.
Edit Self PageDirect assignment to Edit Self Page as Viewer.
Enrollment Standalone WorkflowDirect assignment to Enrollment Standalone Workflow as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Web Service, and the Access Level is Executor.



\\


ResourceAssignment Description
LoginServiceDirect assignment to LoginService as Executor.
LoginService.HasRightsToCallDirect assignment to LoginService.HasRightsToCall as Executor.
LoginService.RunLoginWorkflowDirect assignment to LoginService.RunLoginWorkflow asExecutor.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
RequestOathTokenDirect assignment to Request Workflow: RequestOathToken as Initiator.
UpdateDirectAssignmentTimeConstraintDirect assignment to Request Workflow: UpdateDirectAssignmentTimeConstraint as Initiator.
PersonPhotoApprovalDirect assignment to Request Workflow: PersonPhotoApproval as Initiator.
SubmitSingleSodViolationResponseDirect assignment to Request Workflow: SubmitSingleSodViolationResponse as Initiator.
BulkAddRemoveExchangeMailboxEmailAddressesDirect assignment to Request Workflow: BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
SubmitSingleAttestationResponseDirect assignment to Request Workflow: SubmitSingleAttestationResponse as Initiator.
UpdateManagementRoleAssignmentsDirect assignment to Request Workflow: UpdateManagementRoleAssignments as Initiator.
ClaimBusinessProcessTaskDirect assignment to Request Workflow: ClaimBusinessProcessTask as Initiator.
ChangePersonBusinessRoleAndLocationDirect assignment to Request Workflow: ChangePersonBusinessRoleAndLocation as Initiator.
ProcessAttestationDecisionDirect assignment to Request Workflow: ProcessAttestationDecision as Initiator.
UpdatePersonManagementRolesDirect assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
AuthenticationLevel2OATHLoginDirect assignment to Request Workflow: AuthenticationLevel2OATHLogin as Initiator.
UpdateResourceAssignmentsByResourceDirect assignment to Request Workflow: UpdateResourceAssignmentsByResource as Initiator.
UpdateGroupAccountMembershipDirect assignment to Request Workflow: UpdateGroupAccountMembership as Initiator.
SendPersonOneTimePasswordDirect assignment to Request Workflow: SendPersonOneTimePassword as Initiator.
EditPasswordVaultAccountDirect assignment to Request Workflow: EditPasswordVaultAccount as Initiator.
ResetPasswordValutAccountPasswordDirect assignment to Request Workflow: ResetPasswordValutAccountPassword as Initiator.
ClaimPasswordVaultAccountDirect assignment to Request Workflow: ClaimPasswordVaultAccount as Initiator.
UpdatePersonRelationshipsDirect assignment to Request Workflow: UpdatePersonRelationships as Initiator.
UpdatePersonAccountsDirect assignment to Request Workflow: UpdatePersonAccounts as Initiator.
UpdateGroupMemberGroupsDirect assignment to Request Workflow: UpdateGroupMemberGroups as Initiator.
UpdatePersonBusinessRolesDirect assignment to Request Workflow: UpdatePersonBusinessRoles as Initiator.
UpdateResourceLocationsDirect assignment to Request Workflow: UpdateResourceLocations as Initiator.
UpdateResourceAssignmentsDirect assignment to Request Workflow: UpdateResourceAssignments as Initiator.
UpdateResourceTagsDirect assignment to Request Workflow: UpdateResourceTags as Initiator.
UpdatePersonAssetsDirect assignment to Request Workflow: UpdatePersonAssets as Initiator.
UpdateAccountGroupMembershipDirect assignment to Request Workflow: UpdateAccountGroupMembership as Initiator.
UpdatePersonManagementRoleAssignmentsDirect assignment to Request Workflow: UpdatePersonManagementRoleAssignments as Initiator.
UnclaimResourceAttestationDirect assignment to Request Workflow: UnclaimResourceAttestation as Initiator.
ClaimResourceAttestationDirect assignment to Request Workflow: ClaimResourceAttestation as Initiator.
CreateGenericAssetDirect assignment to Request Workflow: CreateGenericAsset as Initiator.
AddResourceAttestationCommentDirect assignment to Request Workflow: AddResourceAttestationComment as Initiator.
AddBusinessProcessTaskCommentDirect assignment to Request Workflow: AddBusinessProcessTaskComment as Initiator.
UnclaimBusinessProcessTaskCommentDirect assignment to Request Workflow: UnclaimBusinessProcessTaskComment as Initiator.
ClaimBusinessProcessTaskCommentDirect assignment to Request Workflow: ClaimBusinessProcessTaskComment as Initiator.
RemoveBusinessProcessTaskDelegateDirect assignment to Request Workflow: RemoveBusinessProcessTaskDelegate as Initiator.
SetBusinessProcessTaskDelegateDirect assignment to Request Workflow: SetBusinessProcessTaskDelegate as Initiator.
RequestManagementRoleDirect assignment to Request Workflow: RequestManagementRole as Initiator.
SelfServiceRequestManagementRoleDirect assignment to Request Workflow: SelfServiceRequestManagementRole as Initiator.
ProvisionAssetForPersonDirect assignment to Request Workflow: ProvisionAssetForPerson as Initiator.
DeleteOwnSSOAccountDirect assignment to Request Workflow: DeleteOwnSSOAccount as Initiator.
SelfServiceRequestApplicationRoleDirect assignment to Request Workflow: SelfServiceRequestApplicationRole as Initiator.
UpdatePersonManagementRolesDirect assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
UpdatePersonDirectAssignmentDirect assignment to Request Workflow: UpdatePersonDirectAssignment as Initiator.
UpdateAssignmentsDirect assignment to Request Workflow: UpdateAssignments as Initiator.
CreateAssetDirect assignment to Request Workflow: CreateAsset as Initiator.
CreateLaptopAssetDirect assignment to Request Workflow: CreateLaptopAsset as Initiator.
CreateAssetMailboxDirect assignment to Request Workflow: CreateAssetMailbox as Initiator.
CreatePersonDirect assignment to Request Workflow: CreatePerson as Initiator.
AddCommentToTaskDirect assignment to Request Workflow: AddCommentToTask as Initiator.
CreateApplicationUserDirect assignment to Request Workflow: CreateApplicationUser as Initiator.
ResumeWorkflowsDirect assignment to Request Workflow: ResumeWorkflows as Initiator.
EnrollmentDirect assignment to Request Workflow: Enrollment as Initiator.
ProfileManagerDirect assignment to Request Workflow: ProfileManager as Initiator.
PasswordResetCenterDirect assignment to Request Workflow: PasswordResetCenter as Initiator.
ChangePasswordDirect assignment to Request Workflow: ChangePassword as Initiator.
RegisterAccountDirect assignment to Request Workflow: RegisterAccount as Initiator.
ClaimSSOAccountDirect assignment to Request Workflow: ClaimSSOAccount as Initiator.
EditPersonPhotoApprovalDirect assignment to Request Workflow: EditPersonPhotoApproval as Initiator.
AuthenticationLevel2LoginDirect assignment to Request Workflow: AuthenticationLevel2Login as Initiator.
AuthenticationLevel3LoginDirect assignment to Request Workflow: AuthenticationLevel3Login as Initiator.
AuthenticationLevel4LoginDirect assignment to Request Workflow: AuthenticationLevel4Login as Initiator.
LoginDirect assignment to Request Workflow: Login as Initiator.
AssignAssetToPersonDirect assignment to Request Workflow: AssignAssetToPerson as Initiator.
RequestDecisionsDirect assignment to Request Workflow: RequestDecisions as Initiator.
ProcessAttestationDecisionDirect assignment to Request Workflow: ProcessAttestationDecision as Initiator.
UpdatePersonManagementRolesDirect assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
CheckOutAccountVaultedPasswordDirect assignment to Request Workflow: CheckOutAccountVaultedPassword as Initiator.
ChangePersonBusinessRoleAndLocationDirect assignment to Request Workflow: ChangePersonBusinessRoleAndLocation as Initiator.
ClaimBusinessProcessTaskDirect assignment to Request Workflow: ClaimBusinessProcessTask as Initiator.
RemoveBusinessProcessTaskDelegateDirect assignment to Request Workflow: RemoveBusinessProcessTaskDelegate as Initiator.
SetBusinessProcessTaskDelegateDirect assignment to Request Workflow: SetBusinessProcessTaskDelegate as Initiator.
ClaimPasswordVaultAccountDirect assignment to Request Workflow: ClaimPasswordVaultAccount as Initiator.
ClaimAccountDirect assignment to Request Workflow: ClaimAccount as Initiator.
ViewPersonDirect assignment to Request Workflow: ViewPerson as Initiator.
UnenrollPersonDirect assignment to Request Workflow: UnenrollPerson as Initiator.
UpdatePersonApplicationGroupMembershipDirect assignment to Request Workflow: UpdatePersonApplicationGroupMembership as Initiator.
TerminateWorkflowDirect assignment to Request Workflow: TerminateWorkflow as Initiator.
UnclaimSSOAccountDirect assignment to Request Workflow: UnclaimSSOAccount as Initiator.
ClaimSSOAccountDirect assignment to Request Workflow: ClaimSSOAccount as Initiator.
UpdatePersonManagementRoleAssignmentsDirect assignment to Request Workflow: UpdatePersonManagementRoleAssignments as Initiator.
SelfServicePersonLeaveGroupDirect assignment to Request Workflow: SelfServicePersonLeaveGroup as Initiator.
SelfServicePersonJoinGroupDirect assignment to Request Workflow: SelfServicePersonJoinGroup as Initiator.
SelfServiceAccountJoinGroupDirect assignment to Request Workflow: SelfServiceAccountJoinGroup as Initiator.
EditManagementRoleNoUIDirect assignment to Request Workflow: EditManagementRoleNoUI as Initiator.
PersonEditNonResourceManagerDirect assignment to Request Workflow: PersonEditNonResourceManager as Initiator.
PasswordResetCenterOTPDirect assignment to Request Workflow: PasswordResetCenterOTP as Initiator.
AddRbacResourceRoleAssignmentDirect assignment to Request Workflow: AddRbacResourceRoleAssignment as Initiator.
ResourceManagerUpdateProtectedApplicationResourceDirect assignment to Request Workflow: ResourceManagerUpdateProtectedApplicationResource as Initiator.
EmailLostUsernameDirect assignment to Request Workflow: EmailLostUsername as Initiator.
AssetAccessRequestDirect assignment to Request Workflow: AssetAccessRequest as Initiator.
AssetAccessRequestSelfServiceDirect assignment to Request Workflow: AssetAccessRequestSelfService as Initiator.
ResourceManagerAccountUpdateDirect assignment to Request Workflow: ResourceManagerAccountUpdate as Initiator.
ResourceManagerUpdateMailboxDirect assignment to Request Workflow: ResourceManagerUpdateMailbox as Initiator.
ResourceManagerEditGroupDirect assignment to Request Workflow: ResourceManagerEditGroup as Initiator.
AddResourceRoleDirect assignment to Request Workflow: AddResourceRole as Initiator.
EnrollDirect assignment to Request Workflow: Enroll as Initiator.
UpdatePersonGroupMembershipDirect assignment to Request Workflow: UpdatePersonGroupMembership as Initiator.
AssetProvisionSelfServiceDirect assignment to Request Workflow: AssetProvisionSelfService as Initiator.





Grants limited access. Typically includes password self-service.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Global Flyout menuDirect Assignment to Global Flyout Menu as Viewer.
IT Shop WorkflowsDirect Assignment to IT Shop Workflows as Viewer.
SharePoint Claims PickerDirect Assignment to SharePoint Claims Picker as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Enrollment Standalone Workflow PageDirect Assignment to Enrollment Standalone Workflow Page as Viewer.
Change Password Standalone Workflow PageDirect Assignment to Change Password Workflow Page as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
LoginDirect Assignment to Login as Initiator.
ResumeWorkflowsDirect Assignment to ResumeWorkflows as Initiator.
AuthenticationLevel2OATHLoginDirect Assignment to AuthenticationLevel2OATHLogin as Initiator.
RequestOathTokenDirect Assignment to RequestOathToken as Initiator.





Users with this Management Role can create and manage apps and SSO connections.



\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Shopping CartDirect Assignment to Shopping Cart as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
FindProtectedApplicationResourceApplication PageDirect Assignment to FindProtectedApplicationResourceApplication Page as Viewer.
Create Application PageDirect Assignment to Create Application Page as Viewer.
View Group PageDirect Assignment to View Group Page as Viewer.
Create SAML AuthN RequestDirect Assignment to Create SAML AuthN Request as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
CreateApplicationDirect Assignment to CreateApplication as Initiator.
EditSAMLSingleSignOnDirect Assignment to EditSAMLSingleSignOn as Initiator.
UpdateApplicationDirect Assignment to UpdateApplication as Initiator.
UpdateAssignmentsDirect Assignment to UpdateAssignments as Initiator.





Grants full access to the SSO and vaulted credential workflows and user interfaces to allow a user to sign in to SSO applications.


\\



In this table, the Assignment Type is Direct, the Resource Type is Control (User Interface), and the Access Level is Viewer.



\\


ResourceAssignment Description
Shared Credentials TabDirect Assignment to Shared Credentials Tab as Viewer.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
SSO Applications PageDirect Assignment to SSO Applications Page as Viewer.
Saved Credentials PageDirect Assignment to Saved Credentials Page as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ClaimSSOAccountDirect Assignment to ClaimSSOAccount as Initiator.
DeleteOwnSSOAccountDirect Assignment to DeleteOwnSSOAccount as Initiator.
UpdatePersonSecretsDirect Assignment to UpdatePersonSecrets as Initiator.
EditFormsSSOCredentialsDirect Assignment to EditFormsSSOCredentials as Initiator.
UpdateFormsSSOCredentialSharedPeopleDirect Assignment to UpdateFormsSSOCredentialSharedPeople as Initiator.
UpdateExternalCredentialsDirect Assignment to UpdateExternalCredentials as Initiator.
UpdateExternalCredentialSharedPeopleDirect Assignment to UpdateExternalCredentialSharedPeople as Initiator.
ResetMasterPasswordDirect Assignment to ResetMasterPassword as Initiator.





Grants limited access to the SSO and vaulted credential workflows and user interfaces to allow a user to sign in to SSO applications.


\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
SSO Applications PageDirect Assignment to SSO Applications Page as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
ClaimSSOAccountDirect Assignment to ClaimSSOAccount as Initiator.
DeleteOwnSSOAccountDirect Assignment to DeleteOwnSSOAccount as Initiator.
UpdatePersonSecretsDirect Assignment to UpdatePersonSecrets as Initiator.
EditFormsSSOCredentialsDirect Assignment to EditFormsSSOCredentials as Initiator.
UpdateFormsSSOCredentialSharedPeopleDirect Assignment to UpdateFormsSSOCredentialSharedPeople as Initiator.
ResetMasterPasswordDirect Assignment to ResetMasterPassword as Initiator.





Users with this Management Role have access to Microsoft SQL Server Reporting Services Administrator.




Users with this Management Role have access to Microsoft SQL Server Reporting Services Developer.




Users with this Management Role have access to Microsoft SQL Server Reporting Services Administrator.




Users with this Management Role have access to view Microsoft SQL Server Reporting Services.




This Management Role grants users the ability to see all EmpowerID user interfaces as well as the ability to initiate any workflow.


\\



In this table, the Assignment Type is Scoped At Location and the Access Level is Requester.



\\


Resource TypeAssignment Description
Access RequestAssignment to any Access Request as Requestor scoped at EmpowerID System.
Asset RequestAssignment to any Asset Request as Requestor scoped at EmpowerID System.



\\



In this table, the Assignment Type is Scoped At Location.



\\


Resource TypeAccess LevelAssignment Description
Control (User Interface)ViewerAssignment to any Control (User Interface) as Viewer scoped at EmpowerID System.
Pages and ReportsViewerAssignment to any Pages and Reports as Viewer scoped at EmpowerID System.
WorkflowInitiatorAssignment to any Workflow as Initiator scoped at EmpowerID System.


\\



In this table, the Assignment Type is Direct and the Access Level is Viewer.



\\


Resource TypeResourceAssignment Description
Control (User Interface)Global Person Search BoxDirect assignment to Global Person Search Box as Viewer.
Pages and ReportsUser Compliance DashboardDirect assignment to User Compliance Dashboard as Initiator.
Pages and ReportsChange Password Standalone WorkflowDirect assignment to Change Password Standalone Workflow as Initiator.
Pages and ReportsEnrollment Standalone WorkflowDirect assignment to Enrollment Standalone Workflow as Initiator.
Pages and ReportsIT ShopDirect assignment to IT Shop as Initiator.


\\



In this table, the Assignment Type is Direct, the Resource Type is Web Service, and the Access Level is Executor.



\\


ResourceAssignment Description
LoginServiceDirect assignment to LoginService as Executor.
LoginService.HasRightsToCallDirect assignment to LoginService.HasRightsToCall as Executor.
LoginService.RunLoginWorkflowDirect assignment to LoginService.RunLoginWorkflow as Executor.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
AddRbacResourceRoleAssignmentDirect assignment to AddRbacResourceRoleAssignment as Initiator.
AddResourceAttestationCommentDirect assignment to AddResourceAttestationComment as Initiator.
AddResourceRoleDirect assignment to AddResourceRole as Initiator.
AssetAccessRequestDirect assignment to AssetAccessRequest as Initiator.
AssetAccessRequestSelfServiceDirect assignment to AssetAccessRequestSelfService as Initiator.
AssetProvisionSelfServiceDirect assignment to AssetProvisionSelfService as Initiator.
AuthenticationLevel2OATHLoginDirect assignment to AuthenticationLevel2OATHLogin as Initiator.
BulkAddRemoveExchangeMailboxEmailAddressesDirect assignment to BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
ChangePasswordDirect assignment to ChangePassword as Initiator.
ClaimAccountDirect assignment to ClaimAccount as Initiator.
ClaimBusinessProcessTaskDirect assignment to ClaimBusinessProcessTask as Initiator.
ClaimPasswordVaultAccountDirect assignment to ClaimPasswordVaultAccount as Initiator.
ClaimResourceAttestationDirect assignment to ClaimResourceAttestation as Initiator.
ClaimSSOAccountDirect assignment to ClaimSSOAccount as Initiator.
CreateAssetDirect assignment to CreateAsset as Initiator.
CreateAssetMailboxDirect assignment to CreateAssetMailbox as Initiator.
CreateGenericAssetDirect assignment to CreateGenericAsset as Initiator.
CreateLaptopAssetDirect assignment to CreateLaptopAsset as Initiator.
CreatePersonDirect assignment to CreatePerson as Initiator.
DeleteOwnSSOAccountDirect assignment to DeleteOwnSSOAccount as Initiator.
EditManagementRoleNoUIDirect assignment to EditManagementRoleNoUI as Initiator.
EditPasswordVaultAccountDirect assignment to EditPasswordVaultAccount as Initiator.
EnrollDirect assignment to Enroll as Initiator.
EnrollmentDirect assignment to Enrollment as Initiator.
LoginDirect assignment to Login as Initiator.
PasswordResetCenterDirect assignment to PasswordResetCenter as Initiator.
PasswordResetCenterOTPDirect assignment to PasswordResetCenterOTP as Initiator.
PersonEditNonResourceManagerDirect assignment to PersonEditNonResourceManager as Initiator.
PersonPhotoApprovalDirect assignment to PersonPhotoApproval as Initiator.
ProfileManagerDirect assignment to ProfileManager as Initiator.
ProvisionAssetForPersonDirect assignment to ProvisionAssetForPerson as Initiator.
RemoveBusinessProcessTaskDelegateDirect assignment to RemoveBusinessProcessTaskDelegate as Initiator.
RequestOathTokenDirect assignment to RequestOathToken as Initiator.
ResetPasswordVaultAccountPasswordDirect assignment to ResetPasswordVaultAccountPassword as Initiator.
ResourceManagerAccountUpdateDirect assignment to ResourceManagerAccountUpdate as Initiator.
ResourceManagerEditGroupDirect assignment to ResourceManagerEditGroup as Initiator.
ResourceManagerUpdateMailboxDirect assignment to ResourceManagerUpdateMailbox as Initiator.
ResourceManagerUpdateProtectedApplicationResourceDirect assignment to ResourceManagerUpdateProtectedApplicationResource as Initiator.
ResumeWorkflowsDirect assignment to ResumeWorkflows as Initiator.
SelfServiceAccountJoinGroupDirect assignment to SelfServiceAccountJoinGroup as Initiator.
SelfServicePersonJoinGroupDirect assignment to SelfServicePersonJoinGroup as Initiator.
SelfServicePersonLeaveGroupDirect assignment to SelfServicePersonLeaveGroup as Initiator.
SendPersonOneTimePasswordDirect assignment to SendPersonOneTimePassword as Initiator.
SetBusinessProcessTaskDelegateDirect assignment to SetBusinessProcessTaskDelegate as Initiator.
SubmitSingleAttestationResponseDirect assignment to SubmitSingleAttestationResponse as Initiator.
SubmitSingleSodViolationResponseDirect assignment to SubmitSingleSodViolationResponse as Initiator.
TerminateWorkflowDirect assignment to TerminateWorkflow as Initiator.
UnclaimBusinessProcessTaskDirect assignment to UnclaimBusinessProcessTask as Initiator.
UnclaimResourceAttestationDirect assignment to UnclaimResourceAttestation as Initiator.
UnclaimSSOAccountDirect assignment to UnclaimSSOAccount as Initiator.
UnenrollPersonDirect assignment to UnenrollPerson as Initiator.
UpdateAccountGroupMembershipDirect assignment to UpdateAccountGroupMembership as Initiator.
UpdateAssignmentsDirect assignment to UpdateAssignments as Initiator.
UpdateDirectAssignmentTimeConstraintDirect assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
UpdateGroupAccountAssignmentDirect assignment to UpdateGroupAccountAssignment as Initiator.
UpdateGroupMemberGroupsDirect assignment to UpdateGroupMemberGroups as Initiator.
UpdateManagementRoleAssignmentsDirect assignment to UpdateManagementRoleAssignments as Initiator.
UpdatePersonAccountsDirect assignment to UpdatePersonAccounts as Initiator.
UpdatePersonAssetsDirect assignment to UpdatePersonAssets as Initiator.
UpdatePersonBusinessRolesDirect assignment to UpdatePersonBusinessRoles as Initiator.
UpdatePersonDirectAssignmentDirect assignment to UpdatePersonDirectAssignment as Initiator.
UpdatePersonGroupMembershipDirect assignment to UpdatePersonGroupMembership as Initiator.
UpdatePersonManagementRoleAssignmentsDirect assignment to UpdatePersonManagementRoleAssignments as Initiator.
UpdatePersonManagementRolesDirect assignment to UpdatePersonManagementRoles as Initiator.
UpdatePersonRelationshipsDirect assignment to UpdatePersonRelationships as Initiator.
UpdateResourceAssignmentsDirect assignment to UpdateResourceAssignments as Initiator.
UpdateResourceAssignmentsByResourceDirect assignment to UpdateResourceAssignmentsByResource as Initiator.
UpdateResourceLocationsDirect assignment to UpdateResourceLocations as Initiator.
UpdateResourceTagsDirect assignment to UpdateResourceTags as Initiator.
ViewPersonDirect assignment to ViewPerson as Initiator.





Grants full access to the business process task workflows and user interfaces.



\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Request Center Tasks To DoDirect Assignment to Request Center Tasks To Do as Viewer.
Request Center Tasks DoneDirect Assignment to Request Center Tasks Done as Viewer.
Request Center Requests My OpenDirect Assignment to Request Center Requests My Open as Viewer.
Request Center Requests My CompleteDirect Assignment to Request Center Requests My Complete as Viewer.
Request Center Tasks My ReportsDirect Assignment to Request Center Tasks My Reports as Viewer.
Request Center Tasks AllDirect Assignment to Request Center Tasks All as Viewer.
Activity StreamDirect Assignment to Activity Stream as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
TerminateWorkflowDirect Assignment to TerminateWorkflow as Initiator.
ResumeWorkflowsDirect Assignment to ResurmeWorkflows as Initiator.
AddCommentToTaskDirect Assignment to AddCommentToTask as Initiator.
SetBusinessProcessTaskDelegateDirect Assignment to SetBusinessProcessTaskDelegate as Initiator.
RemoveBusinessProcessTaskDelegateDirect Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
ClaimBusinessProcessTaskDirect Assignment to ClaimBusinessProcessTask as Initiator.
UnClaimBusinessProcessTaskDirect Assignment to UnClaimBusinessProcessTask as Initiator.
AddBusinessProcessTaskCommentDirect Assignment to AddBusinessProcessTaskComment as Initiator.







Grants limited access to the business process task workflows and user interfaces.


\\



In this table, the Assignment Type is Direct, the Resource Type is Pages and Reports, and the Access Level is Viewer.



\\


ResourceAssignment Description
Request Center Tasks To DoDirect Assignment to Request Center Tasks To Do as Viewer.
Request Center Tasks DoneDirect Assignment to Request Center Tasks Done as Viewer.
Request Center Requests My OpenDirect Assignment to Request Center Requests My Open as Viewer.
Request Center Requests My CompleteDirect Assignment to Request Center Requests My Complete as Viewer.
Activity StreamDirect Assignment to Activity Stream as Viewer.


\\



In this table, the Assignment Type is Direct, the Resource Type is Workflow, and the Access Level is Initiator.



\\


ResourceAssignment Description
TerminateWorkflowDirect Assignment to TerminateWorkflow as Initiator.
ResumeWorkflowsDirect Assignment to ResurmeWorkflows as Initiator.
AddCommentToTaskDirect Assignment to AddCommentToTask as Initiator.
RemoveBusinessProcessTaskDelegateDirect Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
AddBusinessProcessTaskCommentDirect Assignment to AddBusinessProcessTaskComment as Initiator.











concepts:

EmpowerID RBAC Overview



administrative procedures:

Creating Management Role Definitions

Assigning Access Levels to Management Role Definitions

Cloning Management Role Definitions

Creating Management Roles

Assigning Access Levels to Management Roles

Assigning Management Roles

Publishing Resources to the IT Shop

Cloning Management Roles