You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Access to People

Owned by Phillip Hanegan
Aug 21, 2023
19 min read

EmpowerID restricts access to people through the use of Management Roles. To work with people users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:

  • UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.

  • VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to same location as the person with the role.

  • ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An  example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.

Roles needed to view self profile

To view their basic profile information, users need to have the following Management Role assignments:

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Self-Service

Grants people access to the user interfaces and workflows for managing their own profile attributes.

Feature Set – Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • View Self Page

    • Viewer for the Page

    • Viewer for the General Tab

  • Edit Self Person Page

    • Viewer for the Page

    • Viewer for the Photo Edit Control

WORKFLOW ACCESS

  • Profile Manager Workflow

    • Initiator for the workflow

  • Person Edit Workflow

    • Initiator for the workflow

  • Person Photo Approval Workflow

    • Initiator for the workflow

VIS-Person-Self

Grants people visibility to see their own person. Granted by default to all people.

Visibility

ACT-Person-Profile-Self-Service

Grants people the ability to edit their profile attributes.

Activity

Profile Self-Service

Grants people the ability to edit their own profile attributes. Can be used in place of the above three Management Roles assignments.

Role Bundle — Contains the below Management Roles

  • VIS-Person-Self

  • ACT-Person-Profile-Self-Service

  • UI-Person-Person-Profile-Self-Service

Roles needed to view people

To view people in EmpowerID, users need to have one of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

VIS-Person-Self

Grants users access to see their own person. Granted by default to all people.

Visibility

VIS-Person-MyDirectReports

Grants users access to see their direct reports

 

VIS-Person-MyLocations

Grants users access to see all people in their locations

 

VIS-Person-MyOrg

Grants users access to see all people in their organization

 

VIS-Person-All

Grants users access to see all people in the default organization

 

Roles needed to manage profiles

To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set – Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Person Page

    • Viewer for the page

    • Viewer for the People Tab

  • View One Person Page

    • Viewer for the page

    • Viewer for the Manage Tab

  • Edit Person Page

    • Viewer for the page

  • Edit Person Contextual Page

    • Viewer for the page

  • Global Search Box

    • Viewer for the search box

 

WORKFLOW ACCESS

  • Person Edit

    • Initiator for the workflow

  • Edit Person Photo Approval

    • Initiator for the workflow

VIS-Person-MyDirectReports

Grants visibility for all direct reports of the person with the role. Can view basic information about their direct reports.

Visibility

ACT-Person-Profile-Edit-DirectReports

Grants the ability to edit the profile attributes for their Direct Reports

Activity

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set – Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Person Page

    • Viewer for the page

    • Viewer for the People Tab

  • View One Person Page

    • Viewer for the page

    • Viewer for the Manage Tab

  • Edit Person Page

    • Viewer for the page

  • Edit Person Contextual Page

    • Viewer for the page

  • Global Search Box

    • Viewer for the search box

 

WORKFLOW ACCESS

  • Person Edit

    • Initiator for the workflow

  • Edit Person Photo Approval

    • Initiator for the workflow

VIS-Person-MyLocations

Grants visibility for all people in a person's locations. Can view basic information about people belonging to the same locations.

Visibility

ACT-Person-Profile-Edit-MyLocations

Grants the ability to edit the profile attributes for all people in their locations.

Activity

Management Role

Access Granted by Management Role

Role Type

Management Role

Access Granted by Management Role

Role Type

UI-Person-Profile-Edit

Grants access to the user interfaces and workflows for editing people’s profile attributes.

Feature Set – Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

  • Find Person Page

    • Viewer for the page

    • Viewer for the People Tab

  • View One Person Page

    • Viewer for the page

    • Viewer for the Manage Tab

  • Edit Person Page

    • Viewer for the page

  • Edit Person Contextual Page

    • Viewer for the page

  • Global Search Box

    • Viewer for the search box



WORKFLOW ACCESS

  • Person Edit

    • Initiator for the workflow

  • Edit Person Photo Approval

    • Initiator for the workflow

VIS-Person-MyOrg

Grants visibility for people in a person's organizations. Can view basic information about people belonging to the same organizations.

Visibility

ACT-Person-Profile-Edit-MyOrg

Grants the ability to edit the profile attributes for all people in their organizations.

Activity

Roles needed to manage Management Role assignments

To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Roles needed to manage Business Role assignments

To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):

Roles needed to manage group membership

To manage the group membership of people, users need to have the following Management Role assignment:

Roles Needed to Create Person Objects

To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):

Roles Needed to Administer People

To perform administrative actions against people, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):