EmpowerID restricts access to people through the use of Management Roles. To work with people users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to same location as the person with the role.
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.
Roles needed to view self profile
To view their basic profile information, users need to have the following Management Role assignments:
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Self-Service
Grants people access to the user interfaces and workflows for managing their own profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
View SelfPage
Viewer for the Page
Viewer for the General Tab
Edit Self Person Page
Viewer for the Page
Viewer for the Photo Edit Control
WORKFLOW ACCESS
Profile Manager Workflow
Initiator for the workflow
Person Edit Workflow
Initiator for the workflow
Person Photo Approval Workflow
Initiator for the workflow
VIS-Person-Self
Grants people visibility to see their own person. Granted by default to all people.
Visibility
ACT-Person-Profile-Self-Service
Grants people the ability to edit their profile attributes.
Activity
Profile Self-Service
Grants people the ability to edit their own profile attributes. Can be used in place of the above three Management Roles assignments.
Role Bundle — Contains the below Management Roles
VIS-Person-Self
ACT-Person-Profile-Self-Service
UI-Person-Person-Profile-Self-Service
Roles needed to view people
To view people in EmpowerID, users need to have one of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
VIS-Person-Self
Grants users access to see their own person. Granted by default to all people.
Visibility
VIS-Person-MyDirectReports
Grants users access to see their direct reports
VIS-Person-MyLocations
Grants users access to see all people in their locations
VIS-Person-MyOrg
Grants users access to see all people in their organization
VIS-Person-All
Grants users access to see all people in the default organization
Roles needed to manage profiles
To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyDirectReports
Grants visibility for all direct reports of the person with the role. Can view basic information about their direct reports.
Visibility
ACT-Person-Profile-Edit-DirectReports
Grants the ability to edit the profile attributes for their Direct Reports
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyLocations
Grants visibility for all people in a person's locations. Can view basic information about people belonging to the same locations.
Visibility
ACT-Person-Profile-Edit-MyLocations
Grants the ability to edit the profile attributes for all people in their locations.
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyOrg
Grants visibility for people in a person's organizations. Can view basic information about people belonging to the same organizations.
Visibility
ACT-Person-Profile-Edit-MyOrg
Grants the ability to edit the profile attributes for all people in their organizations.
Activity
Roles needed to manage Management Role assignments
To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage Business Role assignments
To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage group membership
To manage the group membership of people, users need to have the following Management Role assignment:
Roles Needed to Create Person Objects
To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles Needed to Administer People
To perform administrative actions against people, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):