Grant Access to Groups with Management Roles

Account Roles Needed

UI-Account-Membership-Management

Grants access to the user interfaces and workflows for viewing basic information about user accounts, as well as for initiating account group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Account Page

  • Viewer for the page

• Account View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Group Membership Grid

  • Viewer for the Group Membership Changes Grid

  • Viewer for the Resultant Membership Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

• Update Account Group Membership

  • Initiator for the workflow

VIS-Accounts-MyLocations

Grants visibility for all user accounts in the same locations as the currently logged in user.

Visibility

ACT-Account-Membership-Management-MyLocations

Grants access to manage membership for user accounts belonging to the same locations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Group Roles Needed

UI-Group-Membership-Management

Grants people access to the user interfaces and workflows for viewing basic information about groups, as well as for initiating group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Group Page

  • Viewer for the page

  • Viewer for the Dashboard Tab

  • Viewer for the All Groups Tab

  • Viewer for the Groups I Manage Tab

• Group View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Membership Changes Tab

  • Viewer for the Group Members Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Update Group Account Membership

  • Initiator for the workflow

• Add People to Groups

  • Initiator for the workflow

• Update Person Group Membership

  • Initiator for the workflow

• Temporary Group Membership

  • Initiator for the workflow

• Add Groups to Group

  • Initiator for the workflow

• Remove Groups from Group

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

VIS-Groups-Distribution-MyLocation

Grants visibility for all distribution groups belonging to the same locations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Distribution-MyLocations

Grants access to manage membership for distribution groups belonging to the same locations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

VIS-Groups-Generic-MyLocation

Grants visibility for all generic groups belonging to the same locations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Generic-MyLocations

Grants access to manage membership for generic groups belonging to the same locations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

VIS-Groups-Security-MyLocations

Grants visibility for all security groups belonging to the same locations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Security-MyLocations

Grants access to manage membership for security groups belonging to the same locations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Account Roles Needed

UI-Account-Membership-Management

Grants access to the user interfaces and workflows for viewing basic information about user accounts, as well as for initiating account group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Account Page

  • Viewer for the page

• Account View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Group Membership Grid

  • Viewer for the Group Membership Changes Grid

  • Viewer for the Resultant Membership Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

• Update Account Group Membership

  • Initiator for the workflow

VIS-Accounts-MyOrg

Grants visibility for all user accounts in the same organizations as the currently logged in user.

Visibility

ACT-Account-Membership-Management-MyOrg

Grants access to manage membership for user accounts belonging to the same organizations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Group Roles Needed

UI-Group-Membership-Management

Grants people access to the user interfaces and workflows for viewing basic information about groups, as well as for initiating group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Group Page

  • Viewer for the page

  • Viewer for the Dashboard Tab

  • Viewer for the All Groups Tab

  • Viewer for the Groups I Manage Tab

• Group View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Membership Changes Tab

  • Viewer for the Group Members Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Update Group Account Membership

  • Initiator for the workflow

• Add People to Groups

  • Initiator for the workflow

• Update Person Group Membership

  • Initiator for the workflow

• Temporary Group Membership

  • Initiator for the workflow

• Add Groups to Group

  • Initiator for the workflow

• Remove Groups from Group

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

VIS-Groups-Distribution-MyOrganizations

Grants visibility for all distribution groups belonging to the same organizations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Distribution-MyOrganizations

Grants access to manage membership for distribution groups belonging to the same organizations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

VIS-Groups-Generic-MyOrg

Grants visibility for all generic groups belonging to the same organizations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Generic-MyOrganizations

Grants access to manage membership for generic groups belonging to the same organizations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

VIS-Groups-Security-MyOrg

Grants visibility for all security groups belonging to the same organizations as the currently logged in user.

Visibility

ACT-Group-Membership-Management-Security-MyOrganizations

Grants access to manage membership for security groups belonging to the same organizations as the currently logged in user.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Account Roles Needed

UI-Account-Membership-Management

Grants access to the user interfaces and workflows for viewing basic information about user accounts, as well as for initiating account group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Account Page

  • Viewer for the page

• Account View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Group Membership Grid

  • Viewer for the Group Membership Changes Grid

  • Viewer for the Resultant Membership Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

• Update Account Group Membership

  • Initiator for the workflow

VIS-Accounts-All

Grants visibility for all user accounts.

Visibility

ACT-Account-Membership-Management-All-Accounts

Grants access to manage membership for all user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Group Roles Needed

UI-Group-Membership-Management

Grants people access to the user interfaces and workflows for viewing basic information about groups, as well as for initiating group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Group Page

  • Viewer for the page

  • Viewer for the Dashboard Tab

  • Viewer for the All Groups Tab

  • Viewer for the Groups I Manage Tab

• Group View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Membership Changes Tab

  • Viewer for the Group Members Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Update Group Account Membership

  • Initiator for the workflow

• Add People to Groups

  • Initiator for the workflow

• Update Person Group Membership

  • Initiator for the workflow

• Temporary Group Membership

  • Initiator for the workflow

• Add Groups to Group

  • Initiator for the workflow

• Remove Groups from Group

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

VIS-Groups-All

Grants visibility for all groups.

Visibility

ACT-Group-Membership-Management-All-Groups

Grants access to manage membership for all groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

UI-Account-Membership-Management

Grants access to the user interfaces and workflows for viewing basic information about user accounts, as well as for initiating account group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Account Page

  • Viewer for the page

• Account View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Group Membership Grid

  • Viewer for the Group Membership Changes Grid

  • Viewer for the Resultant Membership Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

• Update Account Group Membership

  • Initiator for the workflow

UI-Group-Membership-Management

Grants people access to the user interfaces and workflows for viewing basic information about groups, as well as for initiating group membership management workflows.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Group Page

  • Viewer for the page

  • Viewer for the Dashboard Tab

  • Viewer for the All Groups Tab

  • Viewer for the Groups I Manage Tab

• Group View One Page

  • Viewer for the page

  • Viewer for the General Tab

  • Viewer for the Membership Changes Tab

  • Viewer for the Group Members Grid

WORKFLOW ACCESS

• Add Accounts to Groups

  • Initiator for the workflow

• Update Group Account Membership

  • Initiator for the workflow

• Add People to Groups

  • Initiator for the workflow

• Update Person Group Membership

  • Initiator for the workflow

• Temporary Group Membership

  • Initiator for the workflow

• Add Groups to Group

  • Initiator for the workflow

• Remove Groups from Group

  • Initiator for the workflow

• Remove Service Principal from Groups

  • Initiator for the workflow

Active Directory User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to see manage Active Directory group membership for Active Directory user accounts

VIS-Accounts-AD

Grants visibility for all Active Directory user accounts.

Visibility

VIS-Groups-All-AD

Grants visibility for all Active Directory groups.

Visibility

ACT-Account-Membership-Management-All-AD-Accounts

Grants access to manage group membership for all Active Directory user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-AD-Groups

Grants access to manage group membership for all Active Directory groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

AWS User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to manage AWS group memberships for AWS user accounts.

VIS-Accounts-AWS

Grants visibility for all AWS user accounts.

Visibility

VIS-Groups-All-AWS

Grants visibility for all AWS groups.

Visibility

ACT-Account-Membership-Management-All

Grants access to manage group membership for all user accounts, including AWS user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-AWS-Groups

Grants access to manage group membership for all AWS groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Linux User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to manage Linux group memberships for Linux user accounts

VIS-Accounts-Linux

Grants visibility for all Linux user accounts.

Visibility

VIS-Groups-All

Grants visibility for all groups, including all groups in Linux systems.

Visibility

ACT-Account-Membership-Management-All

Grants access to manage group membership for all user accounts, including Linux user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-Groups

Grants access to manage group membership for all groups, including Linux groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Local Windows User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to manage group memberships for Local Windows Server user accounts and groups

VIS-Accounts-LocalWindows

Grants visibility for all user accounts belonging to Local Windows Server account stores.

Visibility

VIS-Groups-All

Grants visibility for all groups, including all groups in Local Windows Server account stores.

Visibility

ACT-Account-Membership-Management-All

Grants access to manage group membership for all user accounts, including Local Windows user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-Groups

Grants access to manage group membership for all groups, including Local Windows groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

Office 365 User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to manage group memberships for Office 365 user accounts and groups

VIS-Accounts-O365

Grants visibility for all Office 365 / Azure AD user accounts.

Visibility

VIS-Groups-All-O365

Grants visibility for all Office 365 groups.

Visibility

ACT-Account-Membership-Management-All

Grants access to manage group membership for all user accounts, including Office 365 / Azure AD user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-O365-Groups

Grants access to manage group membership for all Office 365 groups.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

SAP User Accounts and Groups — In addition to the UI-Account-Membership-Management and UI-Group-Membership-Management Management Roles, users need the following roles to manage group memberships for SAP user accounts and groups

VIS-Accounts-SAP

Grants visibility for all SAP user accounts.

Visibility

VIS-Groups-All-SAP

Grants visibility for all Office 365 groups.

Visibility

ACT-Account-Membership-Management-All-SAP-Accounts

Grants access to manage group membership for all SAP and ABAP user accounts.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

ACT-Group-Membership-Management-All-SAP-Groups

Grants access to manage membership for all SAP Roles and Profiles.

If this role is not included, the change to group membership routes for approval to someone who can approve the request.

Activity

UI-Group-Object-Administration

Grants access to the user interfaces and workflows for creating, updating and deleting user accounts.

Feature Set — Inherits the below Access Levels from the parent Management Role Definition:

PAGES AND CONTROLS ACCESS

• Find Group Page

  • Viewer for the page

  • Viewer for the Location Tree

  • Viewer for the All Groups Tab

  • Viewer for the Deleted Tab

• Group View One Page

  • Viewer for the page

  • Viewer for the Actions Accordion

  • Viewer for the Owners Grid

  • Viewer for the Advanced Tab

  • Viewer for the Advanced Tab Membership Changes Accordion

  • Viewer for the Advanced Tab Accept Reject Mail Accordion

• Edit Group Page

  • Viewer for the page

• Create Group Page

  • Viewer for the page

• Create Group Simple Page

  • Viewer for the page

• Group Resource Type Dropdown Item

  • Viewer for the control

WEB SERVICE ACCESS

• Group View

  • Executor for the service

• Group Account View

  • Executor for the service

• Group Account History View

  • Executor for the service

WORKFLOW ACCESS

• Create Group

  • Initiator for the workflow

• Move Group

  • Initiator for the workflow

• Resource Manager Edit Group

  • Initiator for the workflow

• Update Resource Locations

  • Initiator for the workflow

• Update Resource Tags

  • Initiator for the workflow

• Update Owner Assignee

  • Initiator for the workflow

• Update Person Catalog Category Requestable Entitlements

  • Initiator for the workflow

• Restore Deleted Groups Bulk

  • Initiator for the workflow

VIS-Groups-Distribution-MyLocation

Grants visibility for distribution groups in the same locations as the currently logged in user.

Visibility

VIS-Groups-Generic-MyLocation

Grants visibility for generic groups in the same locations as the currently logged in user.

Visibility

VIS-Groups-Security-MyLocation

Grants visibility for security groups in the same locations as the currently logged in user.

Visibility

ACT-Group-Object-Administration-MyLocations

Grants access to create, edit and delete groups in the same location as the currently logged in user.

Activity