Granting Access with RBAC Containers
Home /Identity Administration/ Access Assignments / Current: Granting Access using Target RBAC Containers
Target RBAC Containers allow you to grant users access to resources without requiring you to know the location of those resources. This is useful when delegating access to resources scattered across an enterprise. When you make this type of access assignment, you scope the assignment to all resources of a specific type within the Target RBAC Container. EmpowerID includes a number of Target RBAC Containers, with each container targeting a specific resource type. To view information about these types, expand the below drop-down.
Target RBAC Container Definitions
This topic demonstrates how to use Target RBAC Containers for access assignments by assigning a specific level of access against all people who are members of a target Management Role to another Management Role (the actor). In this way, anyone belonging to the "acting" Management Role can perform the operations associated with the access level against all people belonging to the target Management Role.
To grant access to resources using Target RBAC Containers
- In the Navigation Sidebar, expand Identities and click Manage Delegations.
- Select the Actor Delegations tab.
- Select Management Role from the To which type of actor do you wish to assign access? drop-down, type the name of the Management Role to whom you are delegating access in the Which Management Role needs access? field and then click the tile for that Management Role.
- Select Belonging to which Management Role from the Assign direct to resource or other method drop-down.
- Click the Add Access Assignments (+) button located in the grid header.
- In the Select the resource(s) to grant access to dialog that appears, do the following:
- From the Resource Type drop-down, select the resource type for the appropriate resources contained in the Target RBAC Container. In our example, since we selected Belonging to which Management Role as the Target RBAC Container, we can only select Person from the drop-down. This is because Management Roles are collections of people.
- Type the name of the target that contains the resources for which you want to give the assignee access and then click the tile for that target to select it. In our example, we are assigning a Management Role access to the resources in another Management Role (the target Management Role).
- Select the Access Level you want to grant from the Access Level drop-down. In our example, we are selecting the Administrator Access Level.
- Optionally, if you want to limit the access to a specified period of time, tick Time Constraint and select the appropriate dates from the Access Begins and Access Ends fields. Please note that clicking these fields opens a Calendar control for selecting the dates.
- Click Save to add the assignment to the shopping cart.
- Repeat step 5 above for each type of access assignment you want to make for the target.
- When you have finished adding access assignments, click the Shopping Cart at the top of the page, type a reason for the assignment and then click Submit.
Once the workflow processes the request, if no approval is needed, you should see the assignment(s) in the grid.