IT Shop Microservice Overview

Owned by Phillip Hanegan
Last updated: Aug 07, 2020
8 min read

The IT Shop makes shopping for, and requesting access to, resources easy. Instead of navigating throughout the Web site looking for a specific resource — like an Application Role or a Business Role — you can go to the IT Shop. The IT Shop allows you to quickly see what resources you currently have access to and shop for more — either for yourself and for another person, such as a direct reports. You simply search for what you want and put it in your cart. Once an item is placed in the cart, it stays in the cart until you check out or remove it. In this way, you can go about your business, navigating away from the IT Shop and even logging out of the Web application without losing the contents of your cart. When you are ready to checkout, that is, submit your access request(s), you review the items in your cart, add a reason for requesting those items and then submit your request. Each requested item routes for approval — first to managers and then to those with the RBAC delegations needed to make the final decision.


The below image shows the main actions you take to shop for a resource in the IT Shop. The actual process involves completing a number of preliminary and intermediate steps before you reach the page depicted. A discussion of these steps, the UI elements that appear for each, as well as a more detailed overview of the shopping flow follows the image.

 

The first time you navigate to the IT Shop, the system asks you a few questions in order to provide you with a shopping experience tailored to your specific needs. Depending on your role within your organization, the first question you will need to answer is whether you are shopping for yourself or for another person. If shopping for another person, you simply type the name of that person in the Someone Else field and then select the person.

If your role does not allow you to shop for another person, you will not be asked this question.

 

Once you specify for whom you are shopping (if applicable to your role), you are asked to select the resource type for which you are shopping. Currently, resource types available are Business Roles and Application Roles. Selecting the appropriate resource type filters the resources you see to only those belonging to the selected resource type.

 

After selecting the resource type, you then select either the Domain and sub-domain or the Process and sub-process, depending on the resource type you selected. If you selected Application Roles, you are asked to choose a Domain and sub-domain; if you select Business Roles, you are asked to choose a Process and sub-process. These terms mean essentially the same thing. You are simply narrowing the number of roles you can select to those relevant to your position within the organization. For example, if you are looking for an Application Role, and your position involves server management, the Domain and sub-domain could be IT and Server Management, respectively. Similarly, if you are looking for a Business Role and you work in the Accounts Payable office for Financial Accounting, the Process and sub-process could be Financial Accounting and Accounts Payable, respectively.

 

After you have selected either the Process and sub-process or Domain and sub-domain, the system directs you to the main page of the IT Shop with a filtered view of the roles available to you based on your selections. Most likely you will not see all roles within your organization, but only a subset based on the access granted to you.

Exploring the IT Shop

As shown by the below image, the IT Shop comprises a number of elements with which you can interact. The purpose of each of these elements and how you interact with them are discussed after the image. Depending on how your organization configures the IT Shop, some of these elements may not be available to you.

 

The below table describes the function of the IT Shop elements highlighted in the above image.

IT Shop Element

Function

IT Shop Element

Function

The Sidebar contains panes for interacting with additional shopping features. Each is described below.

  • Business Roles and Application Roles

  • Displays the number of roles per type that you may shop for. You can switch from role type to the other by clicking on that type. The highlighted role type indicates the actively searched for role type.

  • Shopping For

  • Displays whether you are shopping for yourself or for another person and gives you the option to change the target customer.

  • Suggested Application Roles

  • This pane displays when shopping for Application Roles. Specifies whether the system shows additional Application Roles that you could request in the Roles Pane. Suggested Application Roles are contingent on your current Business Role and the access that Business Role has to Application Roles.

  • Tcode Search

  • For organizations using SAP. Allows users to filter Business Roles appearing in the Roles Pane based on a specific Tcode.

  • Domain

  • This pane displays only when shopping for Application Roles. The pane shows the current Domain for the selected Application Role and gives you options to search for and select other sub-domains for that specific Domain. Each selection displays the Application Role(s) that you could request access to within that Domain and sub-domain.

  • Business Processes

  • This pane displays when shopping for Business Roles only. The pane shows the current business process for the selected Business Role and gives you options to search for and select other business processes. Each selection displays the Business Role(s) that you could request access to.

  • Business Functions

  • This pane shows the current business function for the selected Business Role and gives you options to search for and select other business functions. Each selection allows you to view the Business Roles related to those functions that you could request access to.

  • Advanced Search

  • This pane gives you the ability to search for roles advanced parameters.
    By Reference Person — This allows you to filter the roles displayed in the Roles pane to those that the referenced person currently has. This option can be helpful when another person has the same job function.
    By Title — This allows you to filter the roles displayed in the Roles pane to those that the referenced title currently has.
    By Department — This allows you to filter the roles displayed in the Roles pane to those that the people in the referenced department currently have.
    By Manager — This allows you to filter the roles displayed in the Roles pane to those that the referenced manager currently has.
    Tags — This allows you to filter the roles displayed by tag name.

Roles Pane

This pane displays the Application or Business Roles to which you may request access based on the filters applied.

Resource Filter

Displays the current filters applied to the search results. In the image to the right, there are two filters applied, a business process filter (green) and a reference person filter (purple). The Delete all Filters button deletes all filters to display all Business Roles and Application Roles that you may request.

Drawer

The Drawer opens when you click Check Access on any given role appears in the Roles pane. The Drawer provides an overview of the assignment and provides fields where you enter further information about the role assignment before adding it to your cart. Closing the Drawer without adding the role to your cart, removes the role from the Drawer.

Information Hub

Displays icons that you can click to access general help information or information specific to yourself.

  • My Profile — Provides access to some self-service activities, such as changing your password and viewing your current access.

  • Help — Directs you to IT Shop-related help.

  • Language Selector — Allows you select your preferred language.

  • Notifications — Displays any messages you may have.

Cart

The Cart holds all your requests. When ready to submit them, you open the cart and evaluate your requests for any violations to your organization’s Separation of Duties policies. If any violations are found, you can either remove those items from your cart or simply acknowledge them.

 

After you have entered the main page for the IT Shop, you can check your access to the currently selected role(s) or use the elements of the Sidebar to change the filters and search for other roles. Once you find a role, you place it in the Drawer, add it to your cart and then “purchase” it.

Purchasing Roles

Once you find a role, you check your access to it. Doing so opens the Drawer. The Drawer is an intermediate container for the potential purchase. It displays information about the requested role subscription as well as a several fields for setting additional parameters. Depending on the type of role you request, the number of parameters differs. For all role types, you must specify the start date and time for the subscription, as well as the end date and time. Business Roles require this as well as the differentiation type and differentiation value.

The below image shows the Drawer that opens when you click Check Access on a role. As the role is a Business Role, you need to specify the differentiation type, differentiation value, start date and time and the end date and time to add it to your cart.

 

Once the Drawer is open, you can choose to close it by clicking the Close button (X) at the top of the Drawer or you can move the role to your cart. Once a role has been moved to the cart, you can continue to shop for more roles or checkout. When checking out, you must evaluate the roles in your cart to see if being assigned to any of them causes a violation of your organization’s policies. If a violation is detected, you must acknowledge the violation or remove the offending roles from the cart before submitting your request. Once you submit your role requests, EmpowerID routes them to your managers and other people with the ability to approve them. Once approved you have the requested roles.

The below image summarizes the process for purchasing or requesting roles from the IT Shop.