Working with Location Usage Types

In its simplest form, an EmpowerID location is a container for holding resources. Each location has a Usage Type (OrgZoneUsageType) property that can be used to categorize the location and the objects assigned to those locations. For the IAM Shop, EmpowerID uses this property in conjunction with the value of several Resource System Settings to determine whether the processes for groups and domains for Business Roles appear to users requesting access to those objects.

Location Usage Type Settings

The settings that determine whether processes and domains appear for roles in the IAM Shop include the following:

• OrgZoneUsageType property of the locations to which groups and Business Roles are directly assigned. For the IAM Shop, this property can be set to one of the following values:

  • Process – Usage type for group locations

  • Domain – Usage type for Business Role locations

  • DifferentiationValue – Usage type for differentiation value

• Direct Assigned Location – Roles must be directly assigned to locations with the appropriate Usage Type setting. Roles assigned to multiple locations with different Usage Type values other than those designated for the role will not appear as processes or domains to users requesting access to those roles. For example, if a group is directly assigned to two locations, the first with a Usage Type set to Process and the second with a Usage Type set to Default, users will only see the first location as a process for the group.

• EmpowerID System Settings Configuration – These settings determine usage type and process mapping for role location assignments. These settings and their default values, shown in Table 1 below, should not be changed.

Open

Figure 2: Settings for Process and Domain Visibility

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/2984889199

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/2984889237

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/3126133137