Access Needed to Manage Management Roles
EmpowerID restricts access to roles through the use of Management Roles. To work with roles, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
- UI — Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface.
- VIS — Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID.
- ACT — Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID.
Roles needed to create, update and delete Management Roles
To create, update and delete Management Roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed by people to create, update and delete Management Roles in their locations
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-Object-Administration-MyLocations | Grants the ability to create, update, and delete Management Roles in a person's locations. |
| VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. |
Roles needed by people to create, update and delete Management Roles in their organizations
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-Object-Administration-MyOrg | Grants the ability to create, update, and delete Management Roles in a person's organizations. |
| VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. |
Roles needed by people to create, update and delete all Management Roles in any location
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-All | Grants visibility for all Management Roles in the system. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-Object-Administration-All | Grants the ability to create, update, and delete all Management Roles. |
| VIS-Management-Role-Definition-All | Grants visibility for all Management Role Definitions in the system. |
| ACT-Management-Role-Definition-Object-Administration-All | Grants the ability to create, update, and delete all Management Role Definitions. |
Roles needed to manage role membership
To manage role membership, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed by people to manage the membership of roles in their locations
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Person Page
- Viewer for the page
- Viewer for the People Tab
- View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Roles, Account, Login Security and Management Roles control
- Viewer for the Advanced Attributes Editable Lists
- Find Management Role Page
- Viewer for the page
- Viewer for the All Roles Tab
- Management Role View One Page
- Viewer for the page
- Viewer for the General Tab
- Viewer for the More Info Accordion
- Viewer for the People Members of Management Role Grid
- Resultant Resource Locations Page
Workflow Access- Update Management Role Assignments
- Initiator for the workflow
- Update Person Management Role Assignments
- Initiator for the workflow
|
| VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-Membership-MyLocations | Grants the ability to manage the membership of Management Roles in a person's locations. |
Roles needed by people to manage the membership of roles in their organizations
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Person Page
- Viewer for the page
- Viewer for the People Tab
- View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Roles, Account, Login Security and Management Roles control
- Viewer for the Advanced Attributes Editable Lists
- Find Management Role Page
- Viewer for the page
- Viewer for the All Roles Tab
- Management Role View One Page
- Viewer for the page
- Viewer for the General Tab
- Viewer for the More Info Accordion
- Viewer for the People Members of Management Role Grid
- Resultant Resource Locations Page
Workflow Access- Update Management Role Assignments
- Initiator for the workflow
- Update Person Management Role Assignments
- Initiator for the workflow
|
| VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's organizations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-Membership-MyOrg | Grants the ability to manage the membership of Management Roles in a person's organizations. |
Roles needed by people to manage the membership of all roles
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Membership-Management | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Person Page
- Viewer for the page
- Viewer for the People Tab
- View One Person Page
- Viewer for the page
- Viewer for the Manage Tab
- Viewer for the Roles, Account, Login Security and Management Roles control
- Viewer for the Advanced Attributes Editable Lists
- Find Management Role Page
- Viewer for the page
- Viewer for the All Roles Tab
- Management Role View One Page
- Viewer for the page
- Viewer for the General Tab
- Viewer for the More Info Accordion
- Viewer for the People Members of Management Role Grid
- Resultant Resource Locations Page
Workflow Access- Update Management Role Assignments
- Initiator for the workflow
- Update Person Management Role Assignments
- Initiator for the workflow
|
| VIS-Management-Role-All | Grants visibility for all Management Roles. |
| ACT-Management-Role-Membership-All | Grants the ability to manage the membership of all Management Roles. |
Roles needed to manage the RBAC delegations granted to roles
To manage the RBAC delegations of access granted to roles, users need to have a combination of the following Management Role assignments (based on the needed scope):
Roles needed by people to manage the RBAC delegations of roles in their locations
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-MyLocations | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-RBAC-Delegations-MyLocations | Grants the ability to manage RBAC delegations of access for all Management Roles in the person's locations. |
Roles needed by people to manage the RBAC delegations of roles in their organizatons
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-MyOrg | Grants visibility for all Management Roles in a person's locations. Visibility is needed to access the Action links related to Management Roles. |
| ACT-Management-Role-RBAC-Delegations-MyOrgs | Grants the ability to manage RBAC delegations of access for all Management Roles in the person's organizations. |
Roles needed by people to manage the RBAC delegations of all roles
| Management Role | Access Granted by Management Role |
|---|
| UI-Management-Role-Object-Administration | Grants access to the user interfaces and workflows to create Person objects.
Feature Set — Inherits the below Access Levels from the parent Management Role Definition:
Pages and Controls Access- Find Management Role Page
- Viewer for the page
- Viewer for Advanced Tab
- Viewer for the All Roles Tab
- Viewer for the Management Role Definition Tab
- Viewer for the Location Tree
- Management Role View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Viewer for the More Info Accordion
- Viewer for the Advanced Tab
- Management Role Edit One Page
- Management Role Definition View One Page
- Viewer for the page
- Viewer for the Actions Accordion
- Management Role Definition Edit One Page
- Resultant Resource Locations Page
- Create Management Role Page
- Create Management Role Definition Page
- EmpowerID Protected Application
- Management Role Resource Type DropDown Item
Workflow Access- Management Role New
- Initiator for the workflow
- Edit Management Role NoUI
- Initiator for the workflow
- Delete Management Role
- Initiator for the workflow
- Management Role Definition New
- Initiator for the workflow
- Edit Management Role Definition NoUI
- Initiator for the workflow
- Delete Management Role Definition NoUI
- Initiator for the workflow
- Update Owner Assignee
- Initiator for the workflow
- Update Resource Locations
- Initiator for the workflow
- Update Resource Tags
- Initiator for the workflow
- Update Person Catalog Category Requestable Entitlements
- Initiator for the workflow
|
| VIS-Management-Role-All | Grants visibility for all Management Roles. |
| ACT-Management-Role-RBAC-Delegations-All | Grants the ability to manage RBAC delegations of access for all Management Roles. |