Management Roles

Business Roles typically represent job positions within an organization and are used to bundle and report appropriate compliant access. However, modern organizations are composed of cross-functional teams working on initiatives or projects, and not all access is job-based or necessarily assigned directly to a Business Role. In EmpowerID, this type of access is commonly bundled into manageable Task-Based RBAC (T-RBAC) “activity-based” functional roles known as “Management Roles.” These Management Roles can be designed to grant the bundles of technical roles, entitlements, and permissions in external systems required to complete everyday job duties or tasks. EmpowerID also uses Management Roles extensively for the granular roles it ships out of the box, which delegate who may see which user interfaces and objects and who may perform which actions. These activity-based or task-based roles are broken down into three primary types to segregate the access they grant, allowing them to be easily reused and “composed” into any number of combinations without requiring the creation and maintenance of new roles.

Each Management Role is a child of a Management Role Definition. Management Role Definitions provide a baseline of access that you can use as a starting point for defining the access to resources given to a Management Role. When creating Management Roles from an existing parent definition, each role inherits the Access Level assignments of the parent. Roles can then be scoped with additional assignments as needed.

Management Roles derived from a common parent definition and scoped with additional access relative to their assignment point

 

T-RBAC Management Role Model

The image below uses a Venn diagram to depict the three types of T-RBAC Management Roles and how they combine to enable task-based access.

Demo using Management Roles in EmpowerID

Key Takeaways:

  1. Management Roles are needed in modern organizations because not all required access is job-based.

  2. Management Roles are derived from Management Role Definitions. A Management Role cannot be the child of another Management Role.

  3. A Management Role cannot have more than one parent.
