EmpowerID employs Management Roles to control access to Resource Admin. Resource Admin Management Roles are divided into UI- * Management Roles and VIS-Res-Admin-MS-API Management Roles. The UI-* Management Roles provide access to the application and UI components, such as pages and controls, while the VIS-Res-Admin-MS-API Management Role provides access to all the necessary APIs used by the microservice. For successful usage of the microservice, a person must have a combination of both the UI-* and VIS-Res-Admin-MS-API Management Roles, in addition to any required ACT-<Resource>-* (activity) and VIS-<Resource>-* (visibility) roles applicable for the persona they use. For example, if a user manages shared folders in Resource Admin, they would need the appropriate ACT and VIS Management Roles for those folders.
To manage resources in Resource Admin, users need to have one or more of the below Management Role assignments (based on the needed scope):
Management Role | Role Type | Description |
|---|---|---|
UI-Res-Admin-MS-Application | Feature Set (Ui) | Provides access to the Resource Admin UI for managing applications. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Application Base | Feature Set (UI) | This least privilege role provides basic access to the Resource Admin UI for managing applications.The role specifically grants access to the following user interface controls, pages and reports, and applications: |
UI-Res-Admin-MS-Application-Claims-Mapping-Policy | Feature Set (UI) | Provides access to Resource Admin UI for managing Azure Claims Mapping Policies. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Common | Feature Set (UI) | Provides access for common/shared UI used by the Resource Admin microservice. The role specifically grants Viewer access to the Resource Admin Microservice application. |
UI-Res-Admin-MS-Groups | Feature Set (UI) | Provides access to Resource Admin UI for managing Groups. The role specifically grants access to the following user interface controls, pages and reports, and workflows: |
UI-Res-Admin-MS-Groups-Base | Feature Set (UI) | This least privileged role provides basic access to Resource Admin UI for managing groups. The role specifically grants access to the following user interface controls, pages and reports, web services, and applications: |
UI-Res-Admin-MS-Management-Role | Feature Set (UI) | Provides access to the Resource Admin UI for managing Management Roles. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-Res-Admin-MS-Management-Roles-Base | Feature Set (UI) | This least privilege role provides basic access to the Resource Admin UI for managing Management Roles. The role specifically grants access to the following user interface controls, pages, and reports: |
UI-Res-Admin-MS-Shared-Folders | Feature Set (UI) | Provides access to the Resource Admin UI for managing Shared Folders. The role specifically grants access to the following user interface controls, pages and reports, and web services: |
UI-Res-Admin-MS-Shared-Folders-Base | Feature Set (UI) | This least privileged role provides basic access to Resource Admin UI for managing shared folders. The role specifically grants access to the following user interface controls, pages, and reports: |
VIS-Res-Admin-MS-API | Visibility (VIS) | Provides access to the base web services required by all users of the Resource Admin microservice. |