You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Role Management Roles
- Phillip Hanegan
EmpowerID restricts access to roles through the use of Management Roles. To work with roles, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed to create, update and delete Management Roles
To create, update and delete Management Roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS
WORKFLOW ACCESS
|
VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. | Visibility |
ACT-Management-Role-Object-Administration-MyLocations | Grants the ability to create, update, and delete Management Roles in a person's locations. | Activity |
VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility |
Management Role | Access Granted by Management Role | Role Type |
---|
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS
WORKFLOW ACCESS
|
VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. Visibility is needed to access the Action links related to Management Roles. | Visibility |
ACT-Management-Role-Object-Administration-MyOrg | Grants the ability to create, update, and delete Management Roles in a person's organizations. | Activity |
VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility |
Management Role | Access Granted by Management Role | Role Type |
---|
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS
WORKFLOW ACCESS
|
VIS-Management-Role-All | Grants visibility for all Management Roles in the system. Visibility is needed to access the Action links related to Management Roles. | Visibility |
ACT-Management-Role-Object-Administration-All | Grants the ability to create, update, and delete all Management Roles. | Activity |
VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. | Visibility |
ACT-Management-Role-Definition-Object-Administration-All | Grants the ability to create, update, and delete all Management Role Definitions. | Activity |
Roles needed to manage role membership
To manage role membership, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role | Access Granted by Management Role | Role Type |
---|
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS
WORKFLOW ACCESS
|
VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. | Visibility |
ACT-Management-Role-Membership-MyLocations | Grants the ability to manage the membership of Management Roles in a person's locations. | Activity |
Management Role | Access Granted by Management Role | Role Type |
---|
Management Role | Access Granted by Management Role | Role Type |
---|---|---|
UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects. | Feature Set — Inherits the below Access Levels from the parent Management Role Definition: PAGES AND CONTROLS ACCESS
WORKFLOW ACCESS
|
VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. | Visibility |
ACT-Management-Role-Membership-MyOrg | Grants the ability to manage the membership of Management Roles in a person's organizations. | Activity |
Roles needed to manage the RBAC delegations granted to roles
To manage the RBAC delegations of access granted to roles, users need to have a combination of the following Management Role assignments (based on the needed scope):