Overview of Managing Management Roles
Management Roles in EmpowerID are collections of operational capabilities that allow you to assign bundles of access—such as workflows, data permissions, or UI pages—to users based on what they need to do in their role. They provide a structured approach to managing user permissions across your organization.
Unlike groups or job-based roles, Management Roles can:
- Cross applications and platforms
- Contain Access Levels for any resource type
- Be scoped by location, department, or team
- Support task-based access control (T-RBAC)
- Include direct resource assignments with time constraints
Management Roles make it easier to assign and manage access at scale without giving direct access to every individual resource. They also improve auditability and reduce complexity when access needs change.
What You Can Do with Management Roles
As a delegated administrator or resource owner, you can perform various management tasks on Management Roles, including creating new roles, modifying existing assignments, managing ownership, and controlling access policies. The tasks range from basic role creation to advanced access assignment management.
Available Tasks
Role Creation and Basic Management
- Onboard Management Roles - Create new Management Roles with proper configuration
- Edit Management Role Settings - Modify basic role information and descriptions
- Delete Management Roles - Remove roles that are no longer needed
Role Ownership and Governance
- Edit Management Role Owners & Deputies - Manage role ownership and backup administrators
- Edit RBAC Membership Policies - Configure automatic role assignments based on organizational attributes
Role Assignments and Bundling
- Edit Management Role Assignments - Bundle Management Roles together for comprehensive access
- Edit Group Assignments - Assign groups as members of Management Roles
- Edit Local Function Assignments - Grant access to specific business functions
Access Control and Self-Service
- Edit IAM Shop Settings - Control role visibility and requestability in self-service portal
- Manage Access Assignments for Management Roles - Directly assign specific resources to roles with optional time constraints
Each article provides step-by-step guidance for completing these tasks efficiently while maintaining proper governance and security controls.