You can create Visibility Restriction policies to limit the ability of policy holders to view resources in EmpowerID. These policies are like RBAC delegations in that you can assign them to any EmpowerID Actor. Once assigned to an actor, any Person belonging to that actor receives the policy. For example, if your organization uses the services of contractors, you could create a Visibility Restriction policy that only allows contractors to see other contractors within the organization, and apply that policy to a group or Management Role designated for Contractors. Then, when a contractor logs in, they can only see other contractors.
Visibility restriction policies do not affect the EmpowerIDAdmin user. |
This topic demonstrates how to create Visibility Restriction policies.
Type the name of the specific actor to whom the policy is to be assigned in the Assignee field and click the tile that appears for that actor.
This field binds to the value of the Assign Policy To drop-down, so you can only input an actor matching the selected Actor type. For example, if you select Group from the Assign Policy To drop-down, then you can only search for and input a group in the Assignee field. |
This example assigns the policy to the Contractors group.
Scoped At Location - Policy holders can only see resource objects of a specific type in a specific location, such as all computers or all people in Boston.
|