Configure IAM Shop Permission Levels

IAM Shop Permission Levels in EmpowerID are designed to represent permissions for specific resources within native systems, including shared folders, mailboxes, and computers. These permission levels can be configured by organizations to grant specific permissions to various resources. Examples of this might include setting a "read-only" access level for a shared folder or assigning "local admin" access to a computer.

When users request access to a resource that has been configured with IAM Shop Permission Levels, they are given the option to select a permission level. This process is demonstrated in the image below.

Figure: IAM Shop Permission Levels for a computer being requested in the IAM Shop

In this example, the user sees two permission levels for a computer: "Local Admin" and "Domain Admin." Each of these levels is mapped to a specific group in the native system that grants the corresponding permissions. For instance, if a user selects the IAM Shop Permission Level named "Local Admin," EmpowerID fulfills the request by adding the user to the group granting local admin rights on the computer.

EmpowerID includes default IAM Shop Permission Levels for shared folders, computers, and mailboxes to represent native permissions. However, you can create custom permission levels with names that suit your environment. Once added to a resource, these custom permission levels appear to users shopping for that resource in the IAM Shop. For example, if you create an IAM Shop Permission Level for Computer X named "Power User," users will see "Power User" as a permission option for Computer X. The key to using IAM Shop Permission Levels effectively is ensuring that each one is mapped to the object in the native system that grants the permissions it represents. Without that mapping, an IAM Shop Permission Level is merely a labeled option.

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/3087073283

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/3086876729
