Responsible Parties
EmpowerID supports assigning and tracking responsible parties for key objects like accounts, groups, computers, management roles, locations, and shared credentials. This responsibility relationship differs from that of a Person owning an account. An account owned by a Person represents that person and serves as their personal account. Responsible parties are assigned to signify who is responsible for an IT object from a security and audit perspective.
Any EmpowerID RBAC Actor Type can be assigned as the responsible party, but most organizations configure EmpowerID to only allow the assignment of a Person. The field that stores this assignment is called OwnerAssigneeID, and you can find it in each supported object's table.
You can assign responsibility for EmpowerID objects using the Responsible Party property on the Details page for the object, or you can bulk assign responsibility for a number of the same type of objects using an action found on the object type's ViewMany page. Once assigned, you can transfer responsibility from one party to another.
When a person is leaving or changing positions, you can transfer all of their responsibilities to another party. You can either do this manually, using the Transfer Responsibilities workflow, or automate the process in a Planned Leaver Event.
To help you avoid situations where you have objects with no responsible party, you can run reports to find them.
- Changing the Responsible Party Type
- Administering Account Responsibility
- Transferring Responsibility for Accounts
- Administering Computer Responsibility
- Administering Group Responsibility
- Transferring Responsibility for Groups
- Administering Management Role Responsibility
- Viewing a Person's Responsibilities
- Automating Responsibility Transfer
- Assign Relative Access for Responsibilities