Creating Role Definitions

In EmpowerID, Role Definitions are particularly useful for managing and assigning access to applications that contain a large number of app rights. A Role Definition is a collection of app rights that lists the actions users can perform against application data, such as read, write, and delete. By creating Role Definitions, administrators can bundle various app rights into comprehensive groups to efficiently assign appropriate access levels, ensuring users can perform their duties securely and effectively.

This article outlines the steps to create Role Definitions for PBAC-enabled applications in EmpowerID, providing a streamlined approach to access control and rights management.

Procedure

  1. Access the PBAC Application:

    • In Resource Admin, use the search functionality to find the PBAC application for which you intend to add Role Definitions.

    • Click the Details button for the app record.


      This action directs you to the Overview page for the application.


  2. Create Role Definition:

    • Expand the PBAC Definitions menu item, select Role Definitions, and click Create Role Definition.

    • This action initiates the "Onboard Az Local Role" wizard workflow.

     

  3. Complete the Wizard Workflow:

    • Follow the wizard and fill in the fields of each workflow section with the appropriate information for your application.

| Field | Action |
| --- | --- |
| Name | Enter the name of the role definition. |
| Display Name | Enter a display name for the role definition. |
| Description | Enter a brief characterization of the app right. |
| Instructions | Enter any relevant instructions for the role definition (optional). |
| Select a Location | Select an EmpowerID location for the role definition. |
| App Rights Options | Select whether to add App Rights to the role definition while onboarding it. If you choose not to at this time, you can do so later. |

 

Specify individuals responsible for the management and oversight of the role definition.

| Field | Description | Action |
| --- | --- | --- |
| Responsible Party | Identifies the primary individual accountable for the role definition. | Type in the full name of the person who will take responsibility for managing the role definition. This field is mandatory. |
| Owners | Lists the people who have ownership rights over the role definition. | Enter the names of the individuals designated as owners. Providing owner information is optional but recommended for better governance. |
| Deputies | Specifies secondary contacts or assistants to the owners. | Input the names of individuals assigned as deputies. Including deputy information is optional. |

 

Configure settings to determine how requests are handled and who can access them.

| Field | Description | Action |
| --- | --- | --- |
| Set Requestable Setting | Determine if the app right should be requestable by users in the IAM Shop. | Enable the "Requestable in IAM Shop" setting to make the app right available for requests. When enabled, the settings below are relevant. |
| Select Access Request Policy | Defines the procedure for processing requests for the App Right. | From the "Select Access Request Policy" dropdown, choose the policy that best fits how you wish to handle incoming requests for the app right. |
| Eligible to Request | Specifies users allowed to request access to the app right. | Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles eligible to make requests. |
| Pre-approved for Access | Specifies users who are pre-approved for access to the app right, bypassing the need for manual request approval. | Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles pre-approved for the app right. |
| Suggested Assignees | Identifies users who will see the app right as a suggested resource. | Select the assignee type (e.g., Person, Group, Management Role) and then identify the individuals, groups, or roles suggested for app right eligibility. |

  4. Add App Rights (if applicable):

    • If you chose to add app rights to the role definition, select the appropriate rights and click Next to continue.

  5. Review and Submit:

    • Review the summary information for accuracy. If changes are needed, click the Back button to revisit previous steps.

    • When ready, click Submit to create the role definition.

  6. Repeat as Necessary:

    • Repeat the procedure to add additional role definitions to the application as needed.

Expected Results

You should see that the role definition has been added to the application.

To verify the app right assignments, click the Details button on the role definition record. This opens a drawer where you can view and manage the definition’s app rights and other related information.