Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device.
Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
EmpowerID employs Management Roles to control access to its resources. Users must be assigned appropriate roles to manage and interact with personnel data within the system. These Management Roles are categorized based on their functional prefixes in EmpowerID, as described below.
UI Roles: These roles, identified by the "UI" prefix, provide users access to specific interface elements within the EmpowerID interfaces. For instance, the role "UI-Person-Object-Administration" enables access to user interfaces and workflows essential for managing Person objects.
VIS Roles: Roles starting with "VIS" enable users to view specific objects within EmpowerID. A typical role in this category is "VIS-Person-MyLocations," which allows users to view personnel in the same location as the person in this role.
ACT Roles: These roles, prefixed with "ACT," authorize users to actively manage specific objects in EmpowerID. For example, "ACT-Person-Role-Assignment-All" grants users access to assign or unassign roles to personnel.
To facilitate efficient role management, EmpowerID offers "Role Bundle" Management Roles. These bundles are pre-configured with the requisite roles necessary for various operational scenarios, allowing for convenient and rapid deployment of access rights suited to specific user requirements and organizational workflows. This bundling strategy simplifies the administration of roles and enhances security by ensuring that users have precisely the access they need to perform their duties.
EmpowerID restricts access to resources through the use of Management Roles. Users must be assigned to the appropriate roles to work with Person objects. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to same location as the person with the role.
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.
Person Role Bundles
Profile Self-Service
Grants users access to view and edit their profiles. The bundle is comprised of the following Management Roles:
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Self-Service
Grants people access to the user interfaces and workflows for managing their own profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
View SelfPage
Viewer for the Page
Viewer for the General Tab
Edit Self Person Page
Viewer for the Page
Viewer for the Photo Edit Control
WORKFLOW ACCESS
Profile Manager Workflow
Initiator for the workflow
Person Edit Workflow
Initiator for the workflow
Person Photo Approval Workflow
Initiator for the workflow
VIS-Person-Self
Grants people visibility to see their own person. Granted by default to all people.
Visibility
ACT-Person-Profile-Self-Service
Grants people the ability to edit their profile attributes.
Activity
Person Identity Admin for Your Locations
Roles needed to view people
To view people in EmpowerID, users need to have one of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
VIS-Person-Self
Grants users access to see their own person. Granted by default to all people.
Visibility
VIS-Person-MyDirectReports
Grants users access to see their direct reports
VIS-Person-MyLocations
Grants users access to see all people in their locations
VIS-Person-MyOrg
Grants users access to see all people in their organization
VIS-Person-All
Grants users access to see all people in the default organization
Roles needed to manage profiles
To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyDirectReports
Grants visibility for all direct reports of the person with the role. Can view basic information about their direct reports.
Visibility
ACT-Person-Profile-Edit-DirectReports
Grants the ability to edit the profile attributes for their Direct Reports
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyLocations
Grants visibility for all people in a person's locations. Can view basic information about people belonging to the same locations.
Visibility
ACT-Person-Profile-Edit-MyLocations
Grants the ability to edit the profile attributes for all people in their locations.
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-Person-MyOrg
Grants visibility for people in a person's organizations. Can view basic information about people belonging to the same organizations.
Visibility
ACT-Person-Profile-Edit-MyOrg
Grants the ability to edit the profile attributes for all people in their organizations.
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-People-All
Grants visibility for all people in the system.
Visibility
ACT-Person-Profile-Edit-Customers
Grants the ability to edit the profile attributes for all people below the Customers location.
Activity
ACT-Person-Profile-Edit-Partners
Grants the ability to edit the profile attributes for all people below the Partners location.
Activity
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Person-Profile-Edit
Grants access to the user interfaces and workflows for editing people’s profile attributes.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Edit Person Page
Viewer for the page
Edit Person Contextual Page
Viewer for the page
Global Search Box
Viewer for the search box
WORKFLOW ACCESS
Person Edit
Initiator for the workflow
Edit Person Photo Approval
Initiator for the workflow
VIS-People-All
Grants visibility for all people in the system.
Visibility
ACT-Person-Profile-Edit-All
Grants the ability to edit the profile attributes for all people in the system.
Activity
Roles needed to manage Management Role assignments
To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
Management Role
Access Granted by Management Role
Role Type
UI-Management-Role-Membership-Management
Grants access to the user interfaces and workflows for managing the membership of Management Roles.
Feature Set – Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Person Page
Viewer for the page
Viewer for the People Tab
View One Person Page
Viewer for the page
Viewer for the Manage Tab
Viewer for the Roles, Accounts and Login Security accordion
Viewer for the Advanced Attributes Editable Lists
Find Management Role Page
Viewer for the page
Viewer for the All Roles Tab
Management Role View One Page
Viewer for the page
Viewer for the General Tab
Viewer for the More Info Accordion
Viewer for the People Members of Management Role Grid
Resultant Resource Locations Page
Viewer for the page
WORKFLOW ACCESS
Update Person Management Role Assignments
Initiator for the workflow
Update Management Role Assignments
Initiator for the workflow
VIS-Person-MyLocations
Grants visibility for all people in a person's locations. The role is needed when responsible for assigning roles to people in the person’s locations.
Visibility
VIS-Management-Role-MyLocations
Grants visibility for all Management Roles belonging to the same locations.