Assigning Access Levels to Management Roles

Home / Authorization RBAC/ABAC / Management Roles / Current: Assigning Access Levels to Management Roles

EmpowerID Access Levels, also known as Resource Roles, are collections of "operational capabilities" and/or "native system rights" specific to a particular resource type, such as an account, group or mailbox. When you assign an Access Level to a Management Role, you give anyone assigned membership in the Management Role the ability to perform those operations or tasks against a selected resource.

To assign Access Levels to Management Roles

  1. In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click Manage Delegations.
  2. On the Actor Delegations tab, drop down the Assignee Type and select Management Role.
  3. Enter the name of the Management Role to delegate access to in the Enter a Management Role Name to Search field and click the tile for the role.

  4. Drop down the Assignment Type and select By Location. Selecting By Location gives the Management Role access to all resources of a resource type in a location and all its child locations.
  5. In the Assignments grid, click the Add Assignments (+) button.

  6. In the Grant Access dialog that appears, select the resource type for which to give the Management Role an access level. This example selects the Computer resource type.
  7. Under For Resource in or Below, click the Select a Location link, and in the Location Selector that appears, search for and select the location in which you want the Access Level to have effect.

  8. Click Save to close the Location Selector.
  9. Drop down the Access Level and select the one to assign to the Management Role. This example uses the Administrator Access Level. This gives anyone who is assigned to the Management Role all of the EmpowerID Operations and native system rights delegated to the Management Role.
  10. Optionally, select Time Constraint to add a time constraint to the Access Level assignment. When this option is selected, click in the Valid From and Valid To fields and pick Calendar values to set date and time ranges.

  11. Click Save to add the assignment to the shopping cart.

  12. Repeat for each Access Level to assign to the Management Role Definition, and when you have finished adding Access Level assignments, click the Shopping Cart icon, type a reason for the assignments in the cart dialog and click Submit