Assigning Management Roles Needed to Access Resource Admin
EmpowerID employs Management Roles to control access to Resource Admin, a microservice for managing various resources (such as applications, groups, and shared folders). These Management Roles ensure users can access only the parts of the Resource Admin microservice that are relevant to their responsibilities.
Resource Admin Management Roles are categorized into two types:
UI-* Management Roles – Provide access to the application’s user interface (UI) components, including pages, controls, workflows, and reports.
VIS-Res-Admin-MS-API Management Role – Grants access to the APIs used by the Resource Admin microservice.
Important: A user must be granted both the relevant UI-* role(s) and the VIS-Res-Admin-MS-API role to use all aspects of the microservice. Additionally, they must have any required activity (ACT-<Resource>-*) and visibility (VIS-<Resource>-*) roles applicable to the persona they use in Resource Admin. For example, if a user needs to manage shared folders, they will require the corresponding ACT and VIS Management Roles for those folders.
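The rule above can be checked against a list of each user's role assignments. The following Python audit is an added example, not EmpowerID code. The <Resource> tokens in RESOURCE_TOKEN, the ACT-/VIS- role names in the sample, and the sample users are constructed assumptions, because this page gives only the ACT-<Resource>-* and VIS-<Resource>-* patterns.

```python
import fnmatch

API_ROLE = "VIS-Res-Admin-MS-API"
UI_PREFIX = "UI-Res-Admin-MS-"

# ASSUMPTION: maps a UI role area to the <Resource> token used in
# ACT-<Resource>-* / VIS-<Resource>-* names. Hypothetical placeholders;
# replace with the role names that exist in your environment.
RESOURCE_TOKEN = {"Shared-Folders": "SharedFolder", "Groups": "Group",
                  "Application": "Application"}

def ui_area(role):
    """Area of a UI-Res-Admin-MS-* role with any Base suffix dropped, else None."""
    if not role.startswith(UI_PREFIX):
        return None
    area = role[len(UI_PREFIX):]
    for suffix in ("-Base", " Base"):
        if area.endswith(suffix):
            area = area[:-len(suffix)]
    return area

def audit(roles):
    """Return what a role set lacks for the Resource Admin areas it grants."""
    roles = set(roles)
    areas = sorted({a for a in map(ui_area, roles) if a})
    if not areas:
        return []  # no Resource Admin UI access, nothing to check
    gaps = []
    if API_ROLE not in roles:
        gaps.append(f"missing {API_ROLE}")
    for area in areas:
        token = RESOURCE_TOKEN.get(area)
        if token is None:
            continue  # no <Resource> token assumed for this area
        for kind in ("ACT", "VIS"):
            pattern = f"{kind}-{token}-*"
            if not any(fnmatch.fnmatchcase(r, pattern) for r in roles):
                gaps.append(f"{area}: no {pattern} role")
    return gaps

# Constructed sample assignments (not real export data).
SAMPLE = {
    "alice": ["UI-Res-Admin-MS-Shared-Folders", API_ROLE,
              "ACT-SharedFolder-Manage", "VIS-SharedFolder-All"],
    "bob": ["UI-Res-Admin-MS-Groups-Base"],
    "carol": ["UI-Res-Admin-MS-Common", API_ROLE],
}

if __name__ == "__main__":
    for user, roles in SAMPLE.items():
        print(user, audit(roles) or "ok")
```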
Viewing Assigned Management Roles
EmpowerID allows you to view all Management Roles the Resource Admin microservice uses. Follow these steps:
In the navbar of the EmpowerID Web app, go to Apps and Authentication > Applications.
On the Applications tab, search for Resource Admin Microservice App and click the Display Name link for the app.
This opens the View One page for the microservice, allowing you to view and manage relevant objects in EmpowerID.
Select the App Resources tab and expand the Management Roles Used By This Application section.
You will see a list of all Management Roles associated with the Resource Admin microservice.
To manage resources in Resource Admin, users need one or more of the following Management Role assignments (based on their required scope).
Table 1: Resource Admin Management Roles
Management Role | Role Type | Description |
---|---|---|
UI-Res-Admin-MS-Application | Feature Set (UI) | Provides access to the Resource Admin UI for managing applications. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Application Base | Feature Set (UI) | This least-privilege role provides basic access to the Resource Admin UI for managing applications. The role specifically grants access to the following user interface controls, pages and reports, and applications: |
UI-Res-Admin-MS-Application-Claims-Mapping-Policy | Feature Set (UI) | Provides access to Resource Admin UI for managing Azure Claims Mapping Policies. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Common | Feature Set (UI) | Provides access for common/shared UI used by the Resource Admin microservice. The role specifically grants Viewer access to the Resource Admin Microservice application. |
UI-Res-Admin-MS-Groups | Feature Set (UI) | Provides access to Resource Admin UI for managing Groups. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Groups-Base | Feature Set (UI) | This least-privilege role provides basic access to the Resource Admin UI for managing groups. The role specifically grants access to the following user interface controls, pages and reports, web services, and applications: |
UI-Res-Admin-MS-Management-Role | Feature Set (UI) | Provides access to the Resource Admin UI for managing Management Roles. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-Res-Admin-MS-Management-Roles-Base | Feature Set (UI) | This least-privilege role provides basic access to the Resource Admin UI for managing Management Roles. The role specifically grants access to the following user interface controls, pages, and reports: |
UI-Res-Admin-MS-Shared-Folders | Feature Set (UI) | Provides access to the Resource Admin UI for managing Shared Folders. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-Res-Admin-MS-Shared-Folders-Base | Feature Set (UI) | This least-privilege role provides basic access to the Resource Admin UI for managing shared folders. The role specifically grants access to the following user interface controls, pages, and reports: |
VIS-Res-Admin-MS-API | Visibility (VIS) | Provides access to the base web services required by all users of the Resource Admin microservice. |