Management Roles Page

Owned by Phillip Hanegan
Feb 29, 2024
8 min read

Users can access the Management Roles page in Resource Admin by selecting 'Management Roles' from the Resource Type menu. This page features a user-friendly interface specifically designed to streamline the management of Management Roles. It is equipped with various tabs and controls, such as search features, role records, and contextual workflows, enabling users to effectively interact with, create, and update both Management Roles and their memberships.

 

Searching for Management Roles

Upon accessing the Management Roles page in Resource Admin, users can utilize the search feature to locate specific roles. Each identity object within the EmpowerID Identity Warehouse, including Management Roles, is associated with a SearchTerms property. This property includes fields like Name, FriendlyName, Email, DistinguishedName, and Description. Users can input a search value, such as 'account,' to retrieve all roles with a value match in any of the fields.

Searching for “account” returns all Management Roles where that value exists in any of the above-mentioned fields

 

Management Role Search Filters

To assist in navigating a potentially large number of records, Resource Admin also provides various filters. These filters can be used alongside the search terms for a more focused and granular search experience.

Filter

Description

Filter

Description

Owned By

This filter provides users with options to list Management Roles based on ownership. Options include:

  • Anybody – View all Management Roles

  • Myself – View only Management Roles owned by the user

  • Someone Else – View only Management Roles owned by the specified person

Users must have the appropriate role assignment to see the Owned By filter.

Applications

This filter provides users with the option to filter Management Roles to display only those belonging to the selected application.

Location

 

This filter provides users with the option to filter Management Roles to display only those belonging to the selected location.

Business Functions

 

This filter provides users with the option to filter Management Roles to display only those granting members of the role the selected business function.

Rights

 

This filter provides users with the option to filter Management Roles to display only those granting members of the role the selected rights.

Advanced Search

 

Provides advanced search capabilities to further filter Management Roles based on one or more of the selected attributes.

  • Name

  • Description

Interacting with Management Roles

In Resource Admin, each Management Role is accompanied by a record that provides essential context for user interactions. To access more in-depth information about a role, users can click on the 'Details' link in each Management Role record. This link leads to the Details view, where users can navigate through a variety of tabs to review and manage role-specific information such as role permissions, member lists, and settings. Additionally, Management Role records feature a contextual workflow button, represented by the gear icon, which users with the necessary permissions can use to initiate the 'Manage Management Role Wizard' workflow. This functionality, as illustrated below, streamlines the management of these roles.

 

Clicking the 'Details' button for a Management Role directs users to the Overview page. This page offers comprehensive information about the Management Role, with navigable tabs designed for managing different aspects of the role, including its configuration, associated tasks, and user assignments.

 


People as Members

In the 'People as Members' tab, users can manage individuals with direct memberships in the Management Role. It is important to note that this differs from RBAC assignments, where membership is granted indirectly, such as when a person belongs to a group that is a member of the role.

From this tab, delegated users have access to the following functionalities:

  • View Current Members: Easily browse a list of all current individuals who are direct members of the role.

  • Add New Members: Seamlessly add new individuals to the role, granting them direct membership.

  • Remove Members: Efficiently remove individuals from their role membership, as needed for role management.

 

 

All Members

The 'All Members' tab offers a comprehensive view of all individuals in the role, including both direct members and those with indirect membership. Types of indirect membership include individuals in groups, SetGroups, Business Roles and Locations, and other Management Roles that are members of the primary role.

 

Management Roles as Members

In the 'Management Roles as Members' tab, users with delegated permissions have the ability to manage which Management Roles belong to the current role. This includes:

  • View Current Management Roles as Members: Users can easily browse a list of all Management Roles that are currently members of the role.

  • Add New Management Roles as Members: This functionality enables users to add new Management Roles to membership in the role.

  • Remove Members: Users can efficiently remove Management Roles from the role’s membership. This is helpful for maintaining the relevance and accuracy of the role's composition, especially in dynamic organizational environments.

 

Other Types of Management Role Members

In the 'Other Types of Management Roles as Members' tab, users with appropriate permissions can view and manage various types of memberships associated with the current role. This includes:

  • View and Manage Groups as Members: Users can browse and manage the groups that are currently members of the role. This functionality allows for the addition of new groups and the removal of existing ones, ensuring the role's group memberships remain relevant and up-to-date.

  • View and Manage Set Groups as Members: This feature provides a list of all Set Groups that are members of the role. Users can add new Set Groups or remove existing ones, allowing for dynamic management of Set Group memberships.

  • View and Manage Business Role and Location Combinations as Members: Users can view and modify the list of Business Role and Location Combinations associated with the role. This includes adding new combinations or removing existing ones providing flexibility in managing these specific types of role memberships. 

 

Direct Access Granted

In the 'Direct Access Granted' tab, users with the necessary permissions can view and manage the access assignments that are directly granted to the role. This includes:

  • View Current Direct Access Assignments: This feature allows users to browse through all the access assignments that are currently assigned to the role, offering a clear overview of the role's present access privileges.

  • Add New Direct Access Assignments: Users can use this functionality to grant additional access assignments to the role, thereby enhancing or altering the role's capabilities and reach within the system.

  • Remove Current Direct Access Assignments: This option enables users to remove existing access assignments from the role, which is crucial for maintaining up-to-date and appropriate access levels in line with organizational changes or role requirements.

 

Total Access Granted

The 'Total Access Granted' tab provides users with a comprehensive view of all access privileges associated with the role, encompassing both direct and indirect access assignments. This includes direct access rights explicitly assigned to the role and indirect access that is inherited through association with groups, Set Groups, Business Role and Location combinations, or other Management Roles. Understanding both types of access is crucial for accurately assessing the full extent of the role's capabilities and ensuring appropriate access control within the system.



Management Roles Granted as Access

In the 'Management Roles Granted as Access' tab, users with appropriate permissions can manage which Management Roles have access to the current role. This tab is crucial for overseeing the scope of access rights, as Management Roles listed here inherit all the access privileges of the current role in addition to their own.

  • View Current Management Roles Granted Access: This feature enables users to see a list of all Management Roles that currently have access to the role.

  • Add New Access Assignments: With this functionality, users can grant additional Management Roles access to the role. This is often used to expand collaboration or operational capabilities of roles within the system.

  • Remove Access Assignments: Users can remove access from existing Management Roles. This function is essential for ensuring access rights remain aligned with current organizational structures and role requirements, especially in dynamic environments where changes are frequent.

 

Actions

The 'Actions' tab is designed to provide users with quick access to contextual workflows that are relevant to the currently selected tab. For instance, when a user is viewing the Overview tab, the Actions tab dynamically updates to display an action link that initiates the 'Manage Management Role Wizard' workflows. This dynamic adaptation ensures that users have the most relevant tools at their fingertips, tailored to their current context within the Management Roles page of the application.

 

Management Roles Workflows Page

On the Management Roles Workflows Page, authorized users can access a variety of application workflows specifically designed for managing roles. This page acts as a centralized hub for these workflows, streamlining the process of locating and initiating various tasks. An image can be found below this description in the actual application, providing a visual guide to the available workflows and their purposes, further aiding users in navigating and selecting the appropriate workflow for their needs.