You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Roles Needed to Manage Management Roles

EmpowerID restricts access to roles through the use of Management Roles. To work with roles, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.

  • VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.

  • ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.

Roles needed to create, update and delete Management Roles

To create, update and delete Management Roles, users need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Object-Administration

Grants access to the user interfaces and workflows to create Person objects.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Management Role Page

    • Viewer for the page

    • Viewer for Advanced Tab

    • Viewer for the All Roles Tab

    • Viewer for the Management Role Definition Tab

    • Viewer for the Location Tree

  • Management Role View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

    • Viewer for the More Info Accordion

    • Viewer for the Advanced Tab

  • Management Role Edit One Page

    • Viewer for the page

  • Management Role Definition View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

  • Management Role Definition Edit One Page

    • Viewer for the page

  • Resultant Resource Locations Page

    • Viewer for the control

  • Create Management Role Page

    • Viewer for the page

  • Create Management Role Definition Page

    • Viewer for the page

  • EmpowerID Protected Application

    • Viewer for the control

  • Management Role Resource Type DropDown Item

    • Viewer for the control

WORKFLOW ACCESS

  • Management Role New

    • Initiator for the workflow

  • Edit Management Role NoUI

    • Initiator for the workflow

  • Delete Management Role

    • Initiator for the workflow

  • Management Role Definition New

    • Initiator for the workflow

  • Edit Management Role Definition NoUI

    • Initiator for the workflow

  • Delete Management Role Definition NoUI

    • Initiator for the workflow

  • Update Owner Assignee

    • Initiator for the workflow

  • Update Resource Locations

    • Initiator for the workflow

  • Update Resource Tags

    • Initiator for the workflow

  • Update Person Catalog Category Requestable Entitlements

    • Initiator for the workflow

VIS-Management-Role-MyLocations

Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles.

Visibility

ACT-Management-Role-Object-Administration-MyLocations

Grants the ability to create, update, and delete Management Roles in a person's locations.

Activity

VIS-Management-Role-Definition-All

Grants visibility for all Management Role Definitions in the system.

Visibility

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Object-Administration

Grants access to the user interfaces and workflows to create Person objects.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Management Role Page

    • Viewer for the page

    • Viewer for Advanced Tab

    • Viewer for the All Roles Tab

    • Viewer for the Management Role Definition Tab

    • Viewer for the Location Tree

  • Management Role View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

    • Viewer for the More Info Accordion

    • Viewer for the Advanced Tab

  • Management Role Edit One Page

    • Viewer for the page

  • Management Role Definition View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

  • Management Role Definition Edit One Page

    • Viewer for the page

  • Resultant Resource Locations Page

    • Viewer for the control

  • Create Management Role Page

    • Viewer for the page

  • Create Management Role Definition Page

    • Viewer for the page

  • EmpowerID Protected Application

    • Viewer for the control

  • Management Role Resource Type DropDown Item

    • Viewer for the control

WORKFLOW ACCESS

  • Management Role New

    • Initiator for the workflow

  • Edit Management Role NoUI

    • Initiator for the workflow

  • Delete Management Role

    • Initiator for the workflow

  • Management Role Definition New

    • Initiator for the workflow

  • Edit Management Role Definition NoUI

    • Initiator for the workflow

  • Delete Management Role Definition NoUI

    • Initiator for the workflow

  • Update Owner Assignee

    • Initiator for the workflow

  • Update Resource Locations

    • Initiator for the workflow

  • Update Resource Tags

    • Initiator for the workflow

  • Update Person Catalog Category Requestable Entitlements

    • Initiator for the workflow

VIS-Management-Role-MyOrg

Grants visibility for all Management Roles in a person's organizations. Visibility is needed to access the Action links related to Management Roles.

Visibility

ACT-Management-Role-Object-Administration-MyOrg

Grants the ability to create, update, and delete Management Roles in a person's organizations.

Activity

VIS-Management-Role-Definition-All

Grants visibility for all Management Role Definitions in the system.

Visibility

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Object-Administration

Grants access to the user interfaces and workflows to create Person objects.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Management Role Page

    • Viewer for the page

    • Viewer for Advanced Tab

    • Viewer for the All Roles Tab

    • Viewer for the Management Role Definition Tab

    • Viewer for the Location Tree

  • Management Role View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

    • Viewer for the More Info Accordion

    • Viewer for the Advanced Tab

  • Management Role Edit One Page

    • Viewer for the page

  • Management Role Definition View One Page

    • Viewer for the page

    • Viewer for the Actions Accordion

  • Management Role Definition Edit One Page

    • Viewer for the page

  • Resultant Resource Locations Page

    • Viewer for the control

  • Create Management Role Page

    • Viewer for the page

  • Create Management Role Definition Page

    • Viewer for the page

  • EmpowerID Protected Application

    • Viewer for the control

  • Management Role Resource Type DropDown Item

    • Viewer for the control

WORKFLOW ACCESS

  • Management Role New

    • Initiator for the workflow

  • Edit Management Role NoUI

    • Initiator for the workflow

  • Delete Management Role

    • Initiator for the workflow

  • Management Role Definition New

    • Initiator for the workflow

  • Edit Management Role Definition NoUI

    • Initiator for the workflow

  • Delete Management Role Definition NoUI

    • Initiator for the workflow

  • Update Owner Assignee

    • Initiator for the workflow

  • Update Resource Locations

    • Initiator for the workflow

  • Update Resource Tags

    • Initiator for the workflow

  • Update Person Catalog Category Requestable Entitlements

    • Initiator for the workflow

VIS-Management-Role-All

Grants visibility for all Management Roles in the system. Visibility is needed to access the Action links related to Management Roles.

Visibility

ACT-Management-Role-Object-Administration-All

Grants the ability to create, update, and delete all Management Roles.

Activity

VIS-Management-Role-Definition-All

Grants visibility for all Management Role Definitions in the system.

Visibility

ACT-Management-Role-Definition-Object-Administration-All

Grants the ability to create, update, and delete all Management Role Definitions.

Activity

Roles needed to manage role membership

To manage role membership, users need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Membership-Management

Grants access to the user interfaces and workflows to create Person objects.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Person Page

    • Viewer for the page

    • Viewer for the People Tab

  • View One Person Page

    • Viewer for the page

    • Viewer for the Manage Tab

    • Viewer for the Roles, Account, Login Security and Management Roles control

    • Viewer for the Advanced Attributes Editable Lists

  • Find Management Role Page

    • Viewer for the page

    • Viewer for the All Roles Tab

  • Management Role View One Page

    • Viewer for the page

    • Viewer for the General Tab

    • Viewer for the More Info Accordion

    • Viewer for the People Members of Management Role Grid

  • Resultant Resource Locations Page

    • Viewer for the control

 

WORKFLOW ACCESS

  • Update Management Role Assignments

    • Initiator for the workflow

  • Update Person Management Role Assignments

    • Initiator for the workflow

VIS-Management-Role-MyLocations

Grants visibility for all Management Roles in a person's locations.

Visibility

ACT-Management-Role-Membership-MyLocations

Grants the ability to manage the membership of Management Roles in a person's locations.

Activity

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Management-Role-Membership-Management

Grants access to the user interfaces and workflows to create Person objects.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Person Page

    • Viewer for the page

    • Viewer for the People Tab

  • View One Person Page

    • Viewer for the page

    • Viewer for the Manage Tab

    • Viewer for the Roles, Account, Login Security and Management Roles control

    • Viewer for the Advanced Attributes Editable Lists

  • Find Management Role Page

    • Viewer for the page

    • Viewer for the All Roles Tab

  • Management Role View One Page

    • Viewer for the page

    • Viewer for the General Tab

    • Viewer for the More Info Accordion

    • Viewer for the People Members of Management Role Grid

  • Resultant Resource Locations Page

    • Viewer for the control

 

WORKFLOW ACCESS

  • Update Management Role Assignments

    • Initiator for the workflow

  • Update Person Management Role Assignments

    • Initiator for the workflow

VIS-Management-Role-MyOrg

Grants visibility for all Management Roles in a person's organizations.

Visibility

ACT-Management-Role-Membership-MyOrg

Grants the ability to manage the membership of Management Roles in a person's organizations.

Activity

Roles needed to manage the RBAC delegations granted to roles

To manage the RBAC delegations of access granted to roles, users need to have a combination of the following Management Role assignments (based on the needed scope):

IN THIS ARTICLE