Partner Access Assignment Details

EmpowerID employs a structured approach to access management through the use of Management Roles, which are essential in restricting and delegating access to various resources and functionalities. These roles are categorized based on their function within EmpowerID and are prefixed accordingly to signify their specific utility. This framework is particularly effective for delegating access to partners, ensuring they have the necessary permissions to manage their operations within the system while maintaining overall security and integrity.

Types of Management Roles:

  1. UI (User Interface) Management Roles:

    • Purpose: These roles are specifically designed to grant access to particular UI elements within the EmpowerID Web interface.

    • Functionality: Users assigned UI-prefixed roles can interact with specific parts of the interface, which may include administrative panels, reporting dashboards, or user management screens, depending on the role's specifications.

  2. VIS (Visibility) Management Roles:

    • Purpose: VIS-prefixed roles enable users to view specific objects within EmpowerID.

    • Functionality: This access is crucial for monitoring, oversight, and management purposes. Users can see certain data or system components, aiding in informed decision-making and operational control.

  3. ACT (Action) Management Roles:

    • Purpose: ACT-prefixed roles empower users to manage specific objects within EmpowerID.

    • Functionality: These roles involve a higher level of access, allowing users to perform actions like modifying, adding, or removing certain objects or settings in the system.

  4. Role Bundles (RB) Management Roles:

    • Definition: RB Management Roles are composite roles that include a collection of various Management Roles.

    • Utility: These role bundles simplify the process of delegating access by grouping related roles into a single assignment.

    • Access Provision: Users assigned an RB Management Role inherit the access rights of all the individual roles included in that bundle, making it an efficient method to grant comprehensive permissions tailored to specific user needs or partner requirements.


To make delegating access to partners easy, EmpowerID includes the following two Role Bundle Management Roles.

Partner Admin Role Bundle

| Management Role | Role Type | Description |
|---|---|---|
| UI-Person-Object-Administration | Feature Set (UI) | Provides access to Person Object UI and workflows. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
| UI-Person-Password-Helpdesk | Feature Set (UI) | Grants access to perform assisted password resets and unlocks. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
| VIS-OrgRoleOrgZone-ALL | Visibility (VIS) | Grants access to see all Business Role and Location combinations. The role specifically grants access to the following user interface controls and web services: |
| ACT-Location-Object-Administration-MyLocationsBelow | Activity (ACT) | Provides access to create, edit, and delete all locations in the person’s locations and below. |
| ACT-Person-Object-Administration-MyOrg | Activity (ACT) | Provides access to create, edit, and delete Person objects in the person’s organization. |
| ACT-Person-Password-Helpdesk-MyOrg | Activity (ACT) | Provides access to assist people in the person's organization by resetting passwords and unlocking accounts. |
| Partner User | Role Bundle | See the Partner User Role Bundle table below for details about the access granted by the role. |

Partner User Role Bundle

| Management Role | Role Type | Description |
|---|---|---|
| UI-IT-Shop-MS-Management-Role | Feature Set (UI) | Grants access to shop for EmpowerID Management Roles in the IT Shop microservice app. The role specifically grants access to the following user interface controls, pages and reports, web services, and workflows: |
| VIS-Management-Role-MyOrg | Visibility (VIS) | Grants access to see management roles in the person’s organizations. The role specifically grants access to invoke the following web services: |
| VIS-Person-MyOrg | Visibility (VIS) | Grants access to see people in the person’s organizations. The role specifically grants access to the following user interface controls and web services: |
| VIS-Management-Role-All | Visibility (VIS) | Grants access to see all Management Roles. The role specifically grants access to invoke the following web services: |
| VIS-Groups-Security-MyOrg | Visibility (VIS) | Grants access to see all security groups in the person’s organizations. The role specifically grants access to the following user interface controls and web services: |
| VIS-Groups-Distribution-MyOrg | Visibility (VIS) | Grants access to see all distribution groups in the person’s organizations. The role specifically grants access to the following user interface controls and web services: |
| VIS-Groups-Generic-MyOrg | Visibility (VIS) | Grants access to see all generic groups in the person’s organizations. The role specifically grants access to the following user interface controls and web services: |
| VIS-BusinessRole-Partner | Visibility (VIS) | Grants access to see all partner Business Roles. The role specifically grants access to the following user interface controls and web services: |
| ACT-Person-Profile-Self-Service | Activity (ACT) | Grants users access to operations needed to edit their profiles. |
| ACT-Person-MFA-Self-Service | Activity (ACT) | Grants users access to operations needed to edit their MFA options. |
| Password-Self-Service | Role Bundle | Grants users access to perform password self-service. This role bundle grants access to the following additional Management Roles: |
| IAM Shop, My Tasks, and My Identity Self-Service Basic Access | Role Bundle | Grants access for the UI to use the IAM Shop, My Tasks, My Identity microservices but does not grant visibility to objects or the UI- roles for each resource type. This may be added separately as needed. This role bundle grants access to the following additional Management Roles: |
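Because a Role Bundle passes on every role it contains, and Partner Admin itself contains Partner User, an access review has to expand the nesting before it can say what a partner actually receives. The following is an added example for that review, not EmpowerID code and not a call to any EmpowerID API: the `BUNDLES` dictionary is transcribed from the two tables above, the function names are hypothetical, and treating a VIS role name ending in `-All`/`-ALL` as "not limited to the partner's own organization" is an assumption drawn from the role descriptions on this page.

```python
# Bundle membership transcribed from the two tables on this page.
# None marks a bundle whose member roles the page does not list.
BUNDLES = {
    "Partner Admin": [
        "UI-Person-Object-Administration", "UI-Person-Password-Helpdesk",
        "VIS-OrgRoleOrgZone-ALL",
        "ACT-Location-Object-Administration-MyLocationsBelow",
        "ACT-Person-Object-Administration-MyOrg",
        "ACT-Person-Password-Helpdesk-MyOrg", "Partner User",
    ],
    "Partner User": [
        "UI-IT-Shop-MS-Management-Role", "VIS-Management-Role-MyOrg",
        "VIS-Person-MyOrg", "VIS-Management-Role-All",
        "VIS-Groups-Security-MyOrg", "VIS-Groups-Distribution-MyOrg",
        "VIS-Groups-Generic-MyOrg", "VIS-BusinessRole-Partner",
        "ACT-Person-Profile-Self-Service", "ACT-Person-MFA-Self-Service",
        "Password-Self-Service",
        "IAM Shop, My Tasks, and My Identity Self-Service Basic Access",
    ],
    "Password-Self-Service": None,
    "IAM Shop, My Tasks, and My Identity Self-Service Basic Access": None,
}


def effective_access(bundle, seen=None):
    """Expand a bundle recursively into (roles_by_prefix, unresolved_bundles)."""
    seen = set() if seen is None else seen
    roles = {"UI": set(), "VIS": set(), "ACT": set()}
    unresolved = set()
    if bundle in seen:  # guard against a bundle nested inside itself
        return roles, unresolved
    seen.add(bundle)
    for member in BUNDLES[bundle]:
        if member not in BUNDLES:  # a plain UI-/VIS-/ACT- Management Role
            roles[member.split("-", 1)[0]].add(member)
        elif BUNDLES[member] is None:  # nested bundle, contents unknown
            unresolved.add(member)
        else:
            sub_roles, sub_unresolved = effective_access(member, seen)
            for prefix in roles:
                roles[prefix] |= sub_roles[prefix]
            unresolved |= sub_unresolved
    return roles, unresolved


def org_wide_visibility(roles):
    """VIS roles whose name ends in -All/-ALL rather than a MyOrg scope."""
    return sorted(r for r in roles["VIS"] if r.upper().endswith("-ALL"))
```

The `unresolved` set names the nested bundles whose contents still have to be looked up in the product before the review is complete.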