Map Local Functions

Once a local function has been added to a global function — and the global function has been mapped to global roles or global rights — you can map the local function to these roles or rights specific to the function.

How to map rights and roles to local functions

1. On the navbar, expand Compliance and click Risk Management.

2. On the Risk Management page, select the Global Functions tab and then search for the global function with the local function you want to map.

3. Click the Name link for the global function.

   Open

   

    

4. On the Global Function Details page, select the Function Mapping Rules tab and then expand the Local Functions accordion.

5. Click the Name link for the local function.

   Open

   

    

6. On the Local Function Details page, select the Function Mappings tab and then expand the accordion relating to what you want to map.

   • Local Rights Granting Function (Mapped) — This accordion allows you to search for and select local versions of rights inherited from the parent global function. For example, if the parent global function is mapped to the microsoft.directory/groups.unified/members/update right, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

   • Local Roles Granting Function (Mapped) — This accordion allows you to search for and select local versions of roles inherited from the parent global function. For example, if the parent global function is mapped to the Global Administrator role, you will only be able to select that right in the actual entities, systems, and locations in your environment where they can do them.

   • Assignees Granting Local Function (Mapped) — Allows you to specify one or more EmpowerID actor types with the function. Actor types can include:

     • Business Role and Location — All people belonging to the Business Role and Location will be flagged as having the function

     • Group — All people belonging to the group will be flagged as having the function

     • Management Role — All people belonging to the Management Role will be flagged as having the function

     • Management Role Definition — All people belonging to the Management Roles derived from the definition will be flagged as having the function

     • Person — The specified person will be flagged as having the function

     • Query-Based Collection — All people belonging to the Query-Based Collection will be flagged as having the function

7. Search for and select the rights and roles you want to map to the function. In the below example, we select the microsoft.directory/groups.unified/members/update right for the DocsScim system. In this way the function only returns users with that right in that system.

    

8. When you have finished mapping roles and rights, click Submit.

Next steps

• https://dotnetworkflow.jira.com/wiki/spaces/EAG/pages/1287258252

• https://dotnetworkflow.jira.com/wiki/spaces/EAG/pages/1282638224

• https://dotnetworkflow.jira.com/wiki/spaces/EAG/pages/1282408815