Skip to main content

About Responsible Parties

EmpowerID provides a mechanism for assigning and tracking responsible parties for key IT objects, such as accounts, groups, computers, management roles, locations, and shared credentials. Responsible parties designate who is accountable for an IT object from a security and audit perspective.

Responsible Parties vs. Ownership

The concept of a responsible party is distinct from ownership:

  • Ownership – An account owned by a person represents that individual and serves as their personal account
  • Responsible Party – Designates who is accountable for an IT object from a security and audit perspective

A person can be the responsible party for objects they don't own and may not even have access to (though access can be delegated based on responsibility).

Supported Object Types

You can assign responsible parties for:

  • User Accounts – Directory accounts across all connected systems
  • Groups – Security and distribution groups
  • Computers – Computer objects in directories
  • Management Roles – EmpowerID Management Roles
  • Locations – EmpowerID Location objects
  • Shared Credentials – Privileged account credentials

Responsible Party Types

In EmpowerID, any RBAC Actor Type can be assigned as the responsible party for an object. However, most organizations configure EmpowerID to allow only Persons to be assigned as responsible parties.

The assignment is stored in the OwnerAssigneeID field, which is available in each supported object's table.

You can change the allowed responsible party type through the OwnerRequiredAssigneeTypeID system setting. See Change the Responsible Party Type for details.

Assignment Methods

Individual Assignment

  • Use the Responsible Party property on the object's Details page
  • Suitable for assigning responsibility for one object at a time

Bulk Assignment

  • Use actions on the object type's ViewMany page (e.g., Find Groups page)
  • Assign the same person as responsible party for multiple objects simultaneously
  • More efficient when managing many objects

Transferring Responsibilities

When a person leaves the organization or changes positions, transfer their responsibilities to maintain clear accountability:

Manual Transfer

  • Use the Transfer Responsibilities workflow
  • Select objects to transfer from one person to another
  • Suitable for planned transitions or one-time changes

Automated Transfer

  • Configure automated transfer using a Planned Leaver Event
  • Responsibilities automatically transfer when the person leaves
  • Ensures no gaps in accountability during personnel changes

See Transfer Responsibilities and Automate Responsibility Transfer for detailed procedures.

Reporting on Responsibilities

EmpowerID includes reports to identify IT objects without assigned responsible parties:

  • Accounts without a Responsible Party
  • Computers without a Responsible Party
  • Groups without a Responsible Party
  • Management Roles without a Responsible Party

Running these reports regularly helps avoid situations where critical IT assets are left without oversight, which is important for security and audit purposes.

You can also view all objects a specific person is responsible for through their Person Details page. See View a Person's Responsibilities.

Benefits of Responsible Party Management

  • Clear accountability – Every IT object has a designated person responsible for it
  • Audit compliance – Documented responsibility assignments support compliance requirements
  • Security oversight – Ensures someone is accountable for reviewing and managing each object
  • Lifecycle management – Facilitates proper management when personnel changes occur
  • Resource optimization – Prevents responsibility overload by tracking assignments per person