One of EmpowerID's primary functions is to present an accurate picture of security across an organization's on-premises and cloud IT systems. Beyond viewing and auditing these systems, EmpowerID provides entitlement management capabilities—defined as “cataloging and managing all the accesses an account may have, as part of the business process used to provision access.”¹
EmpowerID accomplishes this through periodic inventory of "protected resources" from systems you want to manage. While other IAM systems might call this process "reconciliation," EmpowerID refers to it as "inventory."
Protected Resources?
Protected resources encompass any system, process, service, information object, or physical location subject to access control, as defined by resource owners and stakeholders like business process owners or risk managers. EmpowerID can inventory and manage diverse resources, including:
User accounts and groups
Computer systems
Azure subscriptions
SharePoint Online site collections
Many other resource types
Resource Systems
EmpowerID maintains a ResourceSystems table to track which systems to inventory, their schedules, and resource locations. Each system containing protected resources—including EmpowerID itself with its pages, roles, and APIs—must be registered with unique ResourceSystemID and ResourceSystemGUID identifiers.
System Types
EmpowerID uses two distinct connector types when interfacing with external systems:
Resource System Type defines the connector used specifically for inventorying data from external systems. This connector type focuses on reading and synchronizing resource information into EmpowerID's Identity Warehouse.
Security Boundary Type serves a different purpose, defining the connector used to directly manage resources in the external system. This includes:
Create, Update, and Delete operations
Attribute schema definitions for native objects
Direct manipulation of resources in their source systems
These two connector types work together to provide both comprehensive resource tracking and active management capabilities across your IT environment. While Resource System Types handle the discovery and monitoring of resources, Security Boundary Types enable EmpowerID to make controlled changes to those resources in their native systems.
Resource Management
Resource Records
When EmpowerID inventories resources, each one is assigned a unique ResourceID and ResourceGUID in the Resource table. The ResourceGUID typically matches the external system's unique identifier (GUID). Each resource has a ResourceTypeID that specifies its type and determines who can view or manage it. These "resources" (previously called "protected resources") align with EmpowerID component terminology.
Data Storage Architecture
Rather than storing all resource information in a single table, EmpowerID's Identity Warehouse contains over 1,200 specialized tables—one for each resource type. Each specialized table entry links back to its resource record through ResourceID and ResourceGUID.
This specialized table architecture serves multiple purposes:
Enables storage of detailed information specific to each resource type
Maintains relationships between resources through consistent identifiers
Provides rich management capabilities tailored to each resource type
Supports efficient querying and reporting across resource types
The combination of centralized resource tracking and specialized storage tables allows EmpowerID to effectively manage and secure the wide variety of resources in your IT environment.
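A simplified model of the inventory pass and of the link between a resource record and its type-specific table, added here as an illustration and not EmpowerID's own schema or code. Only the ResourceSystems and Resource table names and the ID, GUID and type columns come from this page; the Account table, the Name, Deleted and LogonName columns, the ACCOUNT_TYPE value and all sample GUIDs are assumptions.

```python
import sqlite3

ACCOUNT_TYPE = 1  # constructed ResourceTypeID meaning "user account"

# Hypothetical, cut-down warehouse: one central Resource table plus one
# type-specific table (Account) linked back by ResourceID and ResourceGUID.
SCHEMA = """
CREATE TABLE ResourceSystems (ResourceSystemID INTEGER PRIMARY KEY,
    ResourceSystemGUID TEXT UNIQUE NOT NULL, Name TEXT NOT NULL);
CREATE TABLE Resource (ResourceID INTEGER PRIMARY KEY,
    ResourceGUID TEXT UNIQUE NOT NULL, ResourceTypeID INTEGER NOT NULL,
    ResourceSystemID INTEGER NOT NULL REFERENCES ResourceSystems,
    Deleted INTEGER NOT NULL DEFAULT 0);
CREATE TABLE Account (ResourceID INTEGER PRIMARY KEY REFERENCES Resource,
    ResourceGUID TEXT UNIQUE NOT NULL, LogonName TEXT NOT NULL);
"""

def open_warehouse():
    """Create an in-memory warehouse with one registered resource system."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO ResourceSystems VALUES (1, 'sys-guid-0001', 'Demo directory')")
    return db

def inventory(db, system_id, snapshot):
    """Reconcile one system; snapshot maps external GUID -> logon name."""
    added, updated = [], []
    for guid, logon in snapshot.items():
        row = db.execute("SELECT ResourceID FROM Resource WHERE ResourceGUID = ?",
                         (guid,)).fetchone()
        if row is None:  # first sighting: central record, then type-specific row
            cur = db.execute("INSERT INTO Resource (ResourceGUID, ResourceTypeID,"
                             " ResourceSystemID) VALUES (?, ?, ?)",
                             (guid, ACCOUNT_TYPE, system_id))
            db.execute("INSERT INTO Account VALUES (?, ?, ?)", (cur.lastrowid, guid, logon))
            added.append(guid)
        else:            # known resource: revive it and sync changed attributes
            db.execute("UPDATE Resource SET Deleted = 0 WHERE ResourceID = ?", (row[0],))
            cur = db.execute("UPDATE Account SET LogonName = ? WHERE ResourceID = ?"
                             " AND LogonName <> ?", (logon, row[0], logon))
            if cur.rowcount:
                updated.append(guid)
    # Anything still marked live for this system but absent from the snapshot
    # was removed at the source; flag it rather than deleting the audit trail.
    live = db.execute("SELECT ResourceGUID FROM Resource WHERE ResourceSystemID = ?"
                      " AND Deleted = 0", (system_id,)).fetchall()
    removed = [g for (g,) in live if g not in snapshot]
    db.executemany("UPDATE Resource SET Deleted = 1 WHERE ResourceGUID = ?",
                   [(g,) for g in removed])
    return {"added": added, "updated": updated, "removed": removed}
```

The returned added and removed lists are the part an auditor reads first: they show accounts that appeared or disappeared in the source system between two inventory runs.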
https://youtu.be/g86rqKy_mi0
¹ Source: Bago (Editor) E. & Glazer I., (2021) “Introduction to Identity - Part 1: Admin-time (v2)”, IDPro Body of Knowledge 1(5).