Management Roles Needed to Access People
EmpowerID employs Management Roles to control access to its resources. Users must be assigned appropriate roles to manage and interact with personnel data within the system. These Management Roles are categorized based on their functional prefixes in EmpowerID, as described below.
UI Roles: These roles, identified by the "UI" prefix, provide users access to specific interface elements within the EmpowerID interfaces. For instance, the role "UI-Person-Object-Administration" enables access to user interfaces and workflows essential for managing Person objects.
VIS Roles: Roles starting with "VIS" enable users to view specific objects within EmpowerID. A typical role in this category is "VIS-Person-MyLocations," which allows users to view personnel in the same location as the person in this role.
ACT Roles: These roles, prefixed with "ACT," authorize users to actively manage specific objects in EmpowerID. For example, "ACT-Person-Role-Assignment-All" grants users access to assign or unassign roles to personnel.
To facilitate efficient role management, EmpowerID offers "Role Bundle" Management Roles. These bundles are pre-configured with the requisite roles necessary for various operational scenarios, allowing for convenient and rapid deployment of access rights suited to specific user requirements and organizational workflows. This bundling strategy simplifies the administration of roles and enhances security by ensuring that users have precisely the access they need to perform their duties.
EmpowerID restricts access to resources through the use of Management Roles. Users must be assigned to the appropriate roles to work with Person objects. Management Roles are prefixed by their function in EmpowerID and include the following:
UI – Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for people is UI-Person-Object-Administration. This role grants access to the user interfaces and workflows for managing Person objects.
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for people is VIS-Person-MyLocations. This role grants access to see people that belong to same location as the person with the role.
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for people is ACT-Person-Role-Assignment-All. This role grants users with the role the ability to assign and unassign people to and from roles.
Person Role Bundles
Profile Self-Service
Grants users access to view and edit their profiles. The bundle is comprised of the following Management Roles:
Person Identity Admin for Your Locations
Roles needed to view people
To view people in EmpowerID, users need to have one of the following Management Role assignments (based on the needed scope):
Roles needed to manage profiles
To manage the profile information of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage Management Role assignments
To manage the Management Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage Business Role assignments
To manage the Business Role assignments of people, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed to manage group membership
To manage the group membership of people, users need to have the following Management Role assignment:
Roles Needed to Create Person Objects
To create new Person objects in EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles Needed to Administer People
To perform administrative actions against people, such as creating and deleting them from EmpowerID, users need to have a combination of the following Management Role assignments (based on the needed scope):