Membership and Permissions

EmpowerID manages access to resources by using a combination of native system rights for applicable resource systems (such as Azure Active Directory and Windows Servers) and EmpowerID Operations. Each EmpowerID Operation is a protected code object that, when executed within an EmpowerID workflow, allows a resource within EmpowerID or a custom application to be accessed in a way that is consistent with the operation and the type of resource being accessed. Examples include adding users to groups, creating mailboxes, updating user attributes, or even viewing certain objects such as EmpowerID pages and reports. Each of these tasks corresponds to a specific operation for a specific resource type that must be delegated to users (via Access Level assignments) for each object with which they wish to interact.

As all access granted to any EmpowerID actor type is ultimately consumed by a person, the easiest way to manage user permissions is through role and group memberships. In this model, you define the access to IT resources users need and then assign those users to the roles and groups that best match those access requirements. This greatly simplifies permissions management. Rather than managing the access of hundreds or thousands of individual users, you need only manage the permissions granted to a handful of groups and roles and use policies to automate who belongs to those roles and groups.

 

 

Membership – EmpowerID allows dynamic assignment of users to a group’s membership or role using role-based delegations. Assignees can be any EmpowerID Actor type, such as Business Role and Location combinations, Management Roles, Query-Based Collections, and other groups or roles.

For example, we can create a dynamic group membership for anyone assigned to a specific Business Role and Location. Any person who belongs to that Business Role and Location is then automatically added to the group or role as a member.

Permissions – permissions are rights to perform certain actions in the system. Groups and roles allow you to specify permissions for many users at once, making it easier to manage those users' permissions.

Membership and permissions are configured for birthright access by EmpowerID using four simple steps as depicted in the image below:

  1. Grant Who – which users are granted the access.

  2. Which Type of Access – which type of access is granted.

  3. Where: Select Resources or a Location – which resources or location the user will get access to.

  4. Why & for How Long – for how long the access will be granted.
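
The four steps above, modelled as an access check with dynamic membership and default deny. This is an added Python example, not EmpowerID code or its API; the class names, operation names, sample people and the exact-match location scope are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Person:
    name: str
    business_role: str
    location: str

@dataclass(frozen=True)
class Resource:
    name: str
    location: str

@dataclass(frozen=True)
class Delegation:                   # hypothetical model of one four-step assignment
    who: tuple                      # 1. Grant Who: (Business Role, Location) combination
    operations: frozenset           # 2. Which type of access: operations it allows
    resources: frozenset            # 3. Where: explicit resource names ...
    where_location: Optional[str]   #    ... or every resource in a location
    reason: str                     # 4. Why
    expires: Optional[datetime]     # 4. For how long (None = no end date)

def is_member(person, d):
    # Dynamic membership: computed from current attributes, so a person who
    # changes Business Role or Location loses the access without manual cleanup.
    return (person.business_role, person.location) == d.who

def check_access(person, operation, resource, delegations, now):
    """Return the reason of the first delegation that allows the request, else None."""
    for d in delegations:
        in_scope = resource.name in d.resources or resource.location == d.where_location
        expired = d.expires is not None and now >= d.expires
        if is_member(person, d) and operation in d.operations and in_scope and not expired:
            return d.reason
    return None  # default deny: no matching, in-scope, unexpired delegation

# Constructed sample data (names and operations are made up)
HELPDESK = Delegation(
    who=("Helpdesk Technician", "London"),
    operations=frozenset({"AddUserToGroup", "UpdateUserAttributes"}),
    resources=frozenset(),
    where_location="London",
    reason="Birthright access for London helpdesk",
    expires=datetime(2030, 1, 1, tzinfo=timezone.utc),
)
ALICE = Person("alice", "Helpdesk Technician", "London")
GROUP = Resource("London-Sales", "London")
```

Calling `check_access` with a person outside the Business Role and Location, an operation not in the set, a resource in another location, or a time at or after `expires` returns `None`.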

Key Takeaways:

  1. EmpowerID allows dynamic assignment of users to a group’s membership using role-based delegations.

  2. Permissions are rights to perform certain actions in the system.

  3. Membership and permissions can be configured for birthright access by EmpowerID.
