EmpowerID restricts access to roles through the use of Management Roles. To work with roles, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed to create, update and delete Management Roles
To create, update and delete Management Roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
UI-Management-Role-Object-Administration
Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
  Find Management Role Page
    Viewer for the page
    Viewer for Advanced Tab
    Viewer for the All Roles Tab
    Viewer for the Management Role Definition Tab
    Viewer for the Location Tree
  Management Role View One Page
    Viewer for the page
    Viewer for the Actions Accordion
    Viewer for the More Info Accordion
    Viewer for the Advanced Tab
  Management Role Edit One Page
    Viewer for the page
  Management Role Definition View One Page
    Viewer for the page
    Viewer for the Actions Accordion
  Management Role Definition Edit One Page
    Viewer for the page
  Resultant Resource Locations Page
    Viewer for the control
  Create Management Role Page
    Viewer for the page
  Create Management Role Definition Page
    Viewer for the page
  EmpowerID Protected Application
    Viewer for the control
  Management Role Resource Type DropDown Item
    Viewer for the control
WORKFLOW ACCESS
  Management Role New
    Initiator for the workflow
  Edit Management Role NoUI
    Initiator for the workflow
  Delete Management Role
    Initiator for the workflow
  Management Role Definition New
    Initiator for the workflow
  Edit Management Role Definition NoUI
    Initiator for the workflow
  Delete Management Role Definition NoUI
    Initiator for the workflow
  Update Owner Assignee
    Initiator for the workflow
  Update Resource Locations
    Initiator for the workflow
  Update Resource Tags
    Initiator for the workflow
  Update Person Catalog Category Requestable Entitlements
    Initiator for the workflow
VIS-Management-Role-MyLocations
Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles.
Grants the ability to create, update, and delete all Management Role Definitions.
Activity
Roles needed to manage role membership
To manage role membership, users need to have a combination of the following Management Role assignments (based on the needed scope):
Management Role
Access Granted by Management Role
Role Type
UI-Management-Role-Membership-Management
Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
  Find Person Page
    Viewer for the page
    Viewer for the People Tab
  View One Person Page
    Viewer for the page
    Viewer for the Manage Tab
    Viewer for the Roles, Account, Login Security and Management Roles control
    Viewer for the Advanced Attributes Editable Lists
  Find Management Role Page
    Viewer for the page
    Viewer for the All Roles Tab
  Management Role View One Page
    Viewer for the page
    Viewer for the General Tab
    Viewer for the More Info Accordion
    Viewer for the People Members of Management Role Grid
  Resultant Resource Locations Page
    Viewer for the control
WORKFLOW ACCESS
  Update Management Role Assignments
    Initiator for the workflow
  Update Person Management Role Assignments
    Initiator for the workflow
VIS-Management-Role-MyLocations
Grants visibility for all Management Roles in a person's locations.
Visibility
ACT-Management-Role-Membership-MyLocations
Grants the ability to manage the membership of Management Roles in a person's locations.
Activity
Management Role
Access Granted by Management Role
Role Type
UI-Management-Role-Membership-Management
Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
  Find Person Page
    Viewer for the page
    Viewer for the People Tab
  View One Person Page
    Viewer for the page
    Viewer for the Manage Tab
    Viewer for the Roles, Account, Login Security and Management Roles control
    Viewer for the Advanced Attributes Editable Lists
  Find Management Role Page
    Viewer for the page
    Viewer for the All Roles Tab
  Management Role View One Page
    Viewer for the page
    Viewer for the General Tab
    Viewer for the More Info Accordion
    Viewer for the People Members of Management Role Grid
  Resultant Resource Locations Page
    Viewer for the control
WORKFLOW ACCESS
  Update Management Role Assignments
    Initiator for the workflow
  Update Person Management Role Assignments
    Initiator for the workflow
VIS-Management-Role-MyOrg
Grants visibility for all Management Roles in a person's organizations.
Visibility
ACT-Management-Role-Membership-MyOrg
Grants the ability to manage the membership of Management Roles in a person's organizations.
Activity
Roles needed to manage the RBAC delegations granted to roles
To manage the RBAC delegations of access granted to roles, users need to have a combination of the following Management Role assignments (based on the needed scope):