Configure Eligibility for Shared Folders

Eligibility rules allow you to restrict who can and cannot see and shop for IT resources that you have enabled for the IT Shop. Users added as eligible assignees for specific resources can shop for those objects in the IT Shop.

Add eligibility

On the navbar, expand Object Management and select Shared Folders.
Select the Non Home Folders tab and then search for the shared folder to which you want to add eligibility.
Click the Share Name link for the folder.
On the ViewOne page for the shared folder that appears, you should see three accordions related to eligibility. These are as follows:
- IT Shop Assignees for Requesting Access – This allows you to assign Access Levels for shared folders to specific assignees, such as a group or role. When users request access to the shared folder from the IT Shop, they are placed in the group or role with the requested role. Users need to be eligible to request access to the shared folder in order to select an Access Level. Available Access Levels include:
  - Full control
  - Modify
  - Read Only
- Who is Eligible to Request (As Resource) – Allows you to specify who is eligible to request access to the shared folder, as well as the eligibility type linked to them.
- Who is Excluded from Requesting (As Resource) – Allows you to specify who is not eligible to shop for the shared folder.
Expand the IT Shop Assigness for Requesting Access and do the following to assign Access Levels for the shared folder to a specific assignee (in this case, a group).
1. Access Level – Select the Access Level to be assigned to the assignee. Only one Access Level can be assigned to a group for any given shared folder.
2. Which Type of Assignee for this Policy? – Select the assignee type, such as group.
3. Select <Assignee> to Receive Policy – Search for and select the group to receive the Access Level.
4. Click Save and then click Submit.
  In the below image, the HDQ Sales group will be granted the Read Only Access Level to the target shared folder. Thus users requesting Read Only access to the Shared Folder are placed in the group upon approval.
5. Repeat the above steps for any other Access Level assignments you wish to make available for the shared folder. Keep in mind that only one Access Level can be assigned per shared folder and group. This means that if you want to make Read Only, Modify, and Full Control access available for a shared folder, then you need to assign each of those Access Levels to different groups.
Expand the Who is Eligible to Request (As Resource) accordion and do the following to give users the ability to shop for access to the shared folder:
1. Click the Add button in the grid header.
2. Fill in the fields of the Assignment Information pane:
  - Eligibility Type – Select Eligible, PreApproved, or Suggested.
  - Which Type of Assignee for this Policy – Search for and select the EmpowerID actor type for which you are granting eligibility. For example, if you want to grant eligibility to all members of a specific group, you select Group as the assignee type.
  - Select <Assignee> Name to Search – Search for and select the specific assignee eligible for access to the Management Role. The assignee must match the assignee type or it will not appear when searching. For example, if you select Group as the assignee type, you can only search for groups.
3. After entering your information, click Save.
4. Repeat the above steps for any other eligibility assignments desired.
5. Click Submit when ready to commit the eligibility assignments to the Identity Warehouse.
  
  Upon success, you should see the assignments in the grid.

Remove Eligibility

On the navbar, expand Object Administration and select Shared Folders.
Select the Non Home folders tab and then search for the folder from which you want to remove eligibility.
Click the Share Name link for the folder.
On the ViewOne page for the shared folder that appears, expand the Who is Eligible to Request (As Resource) accordion.
Click the trash can icon beside the assignment you wish to remove.
Click Submit.