Skip to main content

Granting Access to the IAM Shop with Management Roles

EmpowerID employs Management Roles to control access to the IAM Shop. Users must be assigned to relevant roles to gain access to this feature. These Management Roles are classified by their specific functions within EmpowerID and include:

  1. UI-Prefixed Roles: Management Roles that start with 'UI' provide users access to certain UI elements within the EmpowerID Web interface. This allows for a tailored user experience, giving access only to the necessary interface components.
  2. VIS-Prefixed Roles: Roles prefixed with 'VIS' grant users visibility rights over specific objects within EmpowerID. This ensures that users can see only the objects relevant to their role, making for an efficient and clutter-free workspace.
  3. ACT-Prefixed Roles: Management Roles beginning with 'ACT' allow users to manage certain objects within EmpowerID. This gives users the necessary permissions to perform specific actions on selected objects, aligning with their job responsibilities.

To shop for eligible resources in the IAM Shop, users must be assigned one or more of the applicable Management Roles below, depending on the needed scope.

tip

Expand each section below to view the UI controls, pages, web services, and workflows included in that role.

UI-IT-Shop-MS-Application
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Applications in the IAM Shop microservice app.

Grants Viewer access to:

  • Applications Grid Control (IT Shop)
  • ITShop Parsed Html More information text Control
  • ITShop Show Only Azure Applications Control
  • Create Azure Application Workflow Control (IT Shop)
  • ITShop-PreApprovedApplications-Control
  • ITShop-TimeConstrainedApplications-Control
UI-IT-Shop-MS-Application-Role
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Application Roles (Groups) in the IAM Shop microservice app.

Grants Viewer access to:

  • Target System Control (IT Shop)
  • TCodes Grid Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
  • Application Roles Business Functions Control (IT Shop)
  • Application Processes Control (IT Shop)
  • Suggested Application Roles Control (IT Shop)
  • Application Roles Account Store Attribute Control (IT Shop)
  • Application Roles Resource System Attribute Control (IT Shop)
  • Application Roles Applications Control (IT Shop)
  • Application Roles Owners Attribute Control (IT Shop)
  • Application Roles Advanced Search Control (IT Shop)
  • Application Roles High Level Classification Attribute Control (IT Shop)
  • Application Roles Name Attribute Control (IT Shop)
  • Application Roles TCode Control (IT Shop)
  • Pre-Approved Application Roles Control (IT Shop)
UI-IT-Shop-MS-Azure-Admin-Role
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Azure Admin Directory Roles in the IAM Shop microservice app.

Grants Viewer access to:

  • Azure Admin Roles Role Types Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
  • Azure Admin Roles Resource System Attribute Control (IT Shop)
  • Azure Admin Roles Role Type Attribute Control (IT Shop)
  • Azure Admin Roles Advanced Search Control (IT Shop)
  • Azure Admin Roles Global Functions Control (ITShop)
  • Azure Admin Roles Tenants Control (IT Shop)
UI-IT-Shop-MS-Azure-License
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Azure Licenses in the IAM Shop microservice app.

Grants Viewer access to:

  • Azure Licenses Tenant Subscription Attribute Control (IT Shop)
  • Azure Licenses Resource System Attribute Control (IT Shop)
  • Azure Licenses Name Attribute Control (IT Shop)
  • Azure License Pool Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
  • Azure Licenses License Pool Attribute Control (IT Shop)
  • Azure Subscription Control (IT Shop)
  • Azure Licenses Advanced Search Control (IT Shop)
  • Azure Licenses Licensed Assignee Attribute Control (IT Shop)
  • Azure Licenses Tenants Control (IT Shop)
UI-IT-Shop-MS-Azure-RBAC-Role
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Azure RBAC Roles in the IAM Shop microservice app.

Grants Viewer access to:

  • Azure Rbac Roles Global Functions Control (ITShop)
  • Azure Rbac Roles Role Types Control (IT Shop)
UI-IT-Shop-MS-Business-Role
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Business Roles in the IAM Shop microservice app.

Grants Viewer access to:

  • Azure Rbac Roles Global Functions Control (ITShop)
  • Azure Rbac Roles Role Types Control (IT Shop)
UI-IT-Shop-MS-Common
  • Role Type: Feature Set (UI)
  • Grants Access To: Shared UI and API features required by the IAM Shop microservice app.

Grants Viewer access to:

  • IT Shop Microservice App
UI-IT-Shop-MS-Computer
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for access to servers in the IAM Shop microservice app.

Grants Viewer access to:

  • Computers Advanced Search Control (IT Shop)
  • Target System Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
UI-IT-Shop-MS-Mailbox
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Office 365 Mailboxes in the IAM Shop microservice app.

Grants Viewer access to:

  • Mailboxes Advanced Search Control (IT Shop)
  • Target System Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
UI-IT-Shop-MS-Full-Access
  • Role Type: Feature Set (UI)
  • Grants Access To: All item types and UI features in the IAM Shop microservice app.

Grants Viewer access to:

  • EmpowerID Web
  • IT Shop Microservice App
UI-IT-Shop-MS-Management-Role
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for EmpowerID Management Roles in the IAM Shop microservice app.

Grants Viewer access to:

  • Management Roles Advanced Search Control (IT Shop)
  • Target System Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
UI-IT-Shop-MS-Risk
  • Role Type: Feature Set (UI)
  • Grants Access To: View and interact with Risks in the IAM Shop microservice app.

Grants Viewer access to:

  • Risk Advanced Search Control (IT Shop)
  • Target System Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)
UI-IT-Shop-MS-Shared-Credential
  • Role Type: Feature Set (UI)
  • Grants Access To: Shop for Shared Credentials in the IAM Shop microservice app.

Grants Viewer access to:

  • Credentials Advanced Search Control (IT Shop)
  • Target System Control (IT Shop)
  • Manage Access Business Request Attribute Control (IT Shop)