You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Assign IAM Shop Permission Levels to Computers

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

EmpowerID's IAM Shop Permission Levels facilitate access management for resources like applications, shared folders, and computers. Users can select these permission levels, like "Local Admin", "Power User", or "Backup Operator" when requesting access via the IAM Shop. For successful permission assignment, administrators need to assign IAM Shop Permission Levels to computers and map them to corresponding groups with those permissions. Keep in mind that these permission levels are just labels and must be accurately mapped to grant permissions. This article will outline the process of assigning and mapping IAM Shop Permission Levels to computers within EmpowerID.

EmpowerID includes “Local Admin” and “Domain Admin” as default IAM Shop Permission Levels for computers. However, to tailor permission levels to your specific needs, you have the option to create and label custom IAM Shop Permission Levels. If you're interested in this customization, please see Create IAM Shop Permission Levels.

How to assign IAM Shop Permission Levels to Computers

  1. Navigate to the View One page for the computer to which you want to assign IAM Shop Permission Levels.

    The quickest way to do this is to use the Global Search located at the top of each page.
    Show Me

    ComputerGlobalSearch.mp4

  2. Click the RBAC subtab on the View page for the computer, and expand IAM Shop Assignees for Requesting Access.

  3. Click the Add New (blue star) button.

  4. Under General, select the IAM Shop Permission Level you want to assign.


    Now that you have selected the permission level, the next step is to select the assignee granting the permission level (map the permission level). In our example, we are going to select an EmpowerID group that is mapped to a group on the native system. You can select any type of RBAC actor as the assignee type as long as that actor has a role that grants the access represented by the access level.

  5. Under Assignee Granting the Permission Level, do the following:

    1. Select the assignee type from the Which Type of Assignee For This Policy dropdown.

    2. Select the appropriate assignee from the Select <Assignee> To Receive Policy dropdown.

  6. Click Save.

     

  7. Repeat to add other assignees as needed.

  8. Click Submit to complete the process.

  • No labels