Create New Object - RBAC

Owned by Phillip Hanegan
Jan 31, 2020
1 min read

When a new resource is created in EmpowerID, the identifier of the person who created the item is stored in the CreatedByPersonID field in the Resource table of the Identity Warehouse. The RBAC engine uses this information, as well as the CreatedDate field, to calculate a two-hour window after the created date. During this two-hour window, the person who created the item can execute any operation against the newly created object without requiring approval. After that period, the RBAC engine performs regular checks and if the creator of the resource does not have the delegations needed to execute an operation against that resource, the engine routes the request for approval.