You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

PBAC Membership Policy Types

PBAC membership policies are policies you create to specify the conditions under which an EmpowerID actor, such as a person or a Business Role and Location can be added to or potentially added to Management Roles, groups, Business Roles and Locations, or Query-Based Collections. PBAC membership policies are comprised of Attribute-Based membership policies, which contain rules defining the field types, field type values, and rights needed by users for the system to add them to the target of the policy. In this article, we discuss the components of PBAC Membership policies and how to create and use them.

In this post, we are going to discuss the four types of PBAC membership policies.

Types of PBAC membership policies

There are four types of PBAC membership policies.

  1. Eligible - Users can request items in the IT Shop, and the request will go for approval unless the requesting person has the RBAC delegations needed to grant the access being requested.

  2. Member - Users assigned the policies will be members for the items to which the policy is applicable. However, when the IT Shop user later requests access, it will require an approval step before being fulfilled. 

  3. Pre Approved - Users assigned the policies are pre-approved for the items to which the policy is applicable. When the IT Shop user later requests access, it will not require an approval step before being fulfilled. 

  4. Suggested - The IT Shop item will show a “Suggested” additional item they may request because of their existing roles or in the context of a role they are currently requesting. The item will still follow standard approval routing rules. 

 

Related

PBAC Membership Policy How To -