Edit RBAC Membership Policies

When organizational structures change or you need to modify who automatically receives Management Role assignments, you can update RBAC membership policies. These policies automatically assign roles based on organizational attributes like department, location, or other role memberships, reducing manual assignment overhead.

Before You Use This Workflow

Access Requirements: You must have appropriate permissions to manage the specific Management Role you want to modify.

tip

Use this workflow when organizational structures change, when you need to expand or restrict automatic role assignments, or when refining role assignment criteria for better access control.

Before You Start

You need access to the Resource Admin application to edit RBAC membership policies. If you can't access this workflow, contact your administrator to request permissions.

Make sure you have:

• Understanding of current automatic assignment criteria
• Knowledge of which organizational attributes should trigger role assignments
• Decisions about expanding, restricting, or modifying membership policies

Get Started

1. Navigate to the Resource Admin portal.
2. Select Management Roles from the resource type menu.
3. Click the Workflows tab.
4. Find and click Manage Management Role Wizard.
5. Select the Management Role you want to modify by checking the box next to it, then click Next.
6. Select Edit RBAC Membership Policies from the available actions.
7. Click Next to proceed to the RBAC membership policy configuration.

The workflow will open showing the current RBAC membership policy configuration.

Update RBAC Membership Policies

1. Modify the RBAC membership policies as needed:

   New RBAC Membership Policies:

   • Use the Choose Type dropdown to select the type (Person, Group, SetGroup, Management Role, Business Role, or Location).
   • Search for and select the specific person, group, or role.
   • Repeat as needed to add multiple policies.
   • Use the Added counter to view your new policy selections.

   Existing RBAC Membership Policies:

   • Current policies are displayed in a table with Remove/Keep options.
   • Click Remove to delete a policy or Keep to retain it.
   • Review all existing policies and their assignee details.

   Preview membership - Check the box at the bottom to preview who will receive automatic membership based on your current policy selections before submitting the request.

2. Click Next to proceed.

3. If you selected the preview membership option, review the RBAC Membership Assignee Count:

   • Review the resultant count showing how many users will be affected by your policy changes.
   • The table displays the action type, assignee type, display name, and resulting user count for each policy.
   • Click Next to see the detailed list of people who will be affected.

4. If previewing, review the detailed list of people:

   • Review the complete list of individuals who will receive the Management Role based on your policy changes.
   • Use the search functionality to find specific people if needed.
   • Click Next to continue. Note: Steps 3 and 4 do not appear if you did not select the preview membership option.

5. Click Submit to apply the RBAC membership policy updates.

Complete the Workflow

1. Review the Operation Execution Summary to confirm your changes were applied successfully: The summary shows the specific RBAC membership policies that were added or removed.
2. Click Submit to continue.
3. Choose your next action:
   • Do you want to manage the same Management Role? - Select this to perform additional actions on the same role.
   • Do you want to manage different Management Role(s)? - Select this to work with other Management Roles.
   • Do you want to finish the workflow? - Select this to complete the process and exit the wizard.
4. Click Submit to proceed with your selected option.

What Happens Next

• Once changes are applied, qualifying users will automatically receive or lose the Management Role based on the updated policies.
• New users who meet the criteria will automatically be assigned the role when they join the organization or change positions.

If You Run Into Problems

Policies assign too many people: Review your criteria carefully - broad selections like entire locations can result in unexpected assignments. Consider using more specific groups or organizational units.

Changes don't appear to affect users: RBAC policies may require approval before taking effect. Check for pending business requests related to your changes.

Can't find the right organizational attribute: Verify the person, group, or role exists in the system and you have permission to reference it in policies.

Related Actions

• To create new Management Roles, see Onboard Management Role.
• To modify role ownership, see Edit Management Role Owners & Deputies.
• To manage role bundles, see Edit Management Role Assignments.