EmpowerID restricts access to accounts and groups through the use of Management Roles. To view and work with accounts and groups, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed by users to view and edit account profile information
To view and edit their basic account information, users need to have the following Management Role assignments:
Management Role: UI-Account-Profile-Edit
Access Granted by Management Role: Grants access to the user interfaces and workflows for viewing basic information about user accounts, as well as the ability to edit profile attributes.
Role Type: Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
PAGES AND CONTROLS ACCESS
Find Account Page: Viewer for the page
Account View One Page: Viewer for the page; Viewer for the Actions Accordion; Viewer for the Advanced Tab
Account Edit One Page: Viewer for the page
WORKFLOW ACCESS
Resource Manager Account Update: Initiator for the workflow
Management Role: VIS-Accounts-MyLocations
Access Granted by Management Role: Grants visibility for all user accounts in the same locations as the currently logged in user.
Role Type: Visibility
Management Role: VIS-Accounts-MyOrg
Access Granted by Management Role: Grants visibility for all user accounts in the same organizations as the currently logged in user.
Role Type: Visibility
Active Directory User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see Active Directory user accounts:
Management Role: VIS-Accounts-AD
Access Granted by Management Role: Grants visibility for all Active Directory user accounts.
Role Type: Visibility
AWS User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see Amazon Web Services user accounts:
Management Role: VIS-Accounts-AWS
Access Granted by Management Role: Grants visibility for all user accounts in any Amazon Web Services account store.
Role Type: Visibility
Linux User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see Linux user accounts:
Management Role: VIS-Accounts-Linux
Access Granted by Management Role: Grants visibility for all Linux user accounts.
Role Type: Visibility
Local Windows User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see Local Windows Server user accounts:
Management Role: VIS-Accounts-LocalWindows
Access Granted by Management Role: Grants visibility for all user accounts belonging to Local Windows Server account stores.
Role Type: Visibility
Office 365 User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see Office 365 user accounts:
Management Role: VIS-Accounts-O365
Access Granted by Management Role: Grants visibility for all Office 365 / Azure AD user accounts.
Role Type: Visibility
SAP User Accounts — In addition to the UI-Account-Membership-Management Management Role, users need the following role to see SAP user accounts:
Management Role: VIS-Accounts-SAP
Access Granted by Management Role: Grants visibility for all SAP user accounts.
Role Type: Visibility
Management Role: VIS-Accounts-All-IT-Systems
Access Granted by Management Role: Grants visibility for all accounts under All IT Systems.
Role Type: Visibility
Roles needed to add and remove accounts to and from groups
To manage the group assignments of user accounts, users need to have a combination of the following Management Role assignments (based on the needed scope).
Roles needed to create, update and delete accounts
To create, update and delete user accounts in EmpowerID, people need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to create, update and delete groups
To create, update and delete groups in EmpowerID, people need to have a combination of the following Management Role assignments (based on the needed scope):