Skip to main content

Partner Access Assignment Details

EmpowerID employs Management Roles to delegate access to partners, ensuring they have necessary permissions to manage their operations while maintaining system security. Management Roles are categorized and prefixed based on their function within EmpowerID.

Types of Management Roles

UI (User Interface) Management Roles

  • Grant access to specific UI elements within the EmpowerID Web interface
  • Enable interaction with administrative panels, reporting dashboards, or user management screens
  • Control which interface components users can view and interact with

VIS (Visibility) Management Roles

  • Enable users to view specific objects within EmpowerID
  • Provide read-only access for monitoring, oversight, and management
  • Support informed decision-making without modification permissions

ACT (Action) Management Roles

  • Empower users to manage specific objects within EmpowerID
  • Allow performing actions like modifying, adding, or removing objects and settings
  • Provide elevated permissions beyond viewing

Role Bundles (RB) Management Roles

  • Composite roles containing collections of various Management Roles
  • Simplify access delegation by grouping related roles into single assignments
  • Users inherit access rights of all individual roles included in the bundle

EmpowerID includes two Role Bundle Management Roles specifically designed for partner access delegation.

Partner Admin Role Bundle

The Partner Admin role bundle provides comprehensive administrative capabilities for managing people and resources within partner locations.

Management RoleRole TypeDescription
UI-Person-Object-AdministrationFeature Set (UI)Provides access to Person Object UI and workflows, including user interface controls, pages, reports, and workflows
UI-Person-Password-HelpdeskFeature Set (UI)Grants access to perform assisted password resets and unlocks, including relevant UI controls, pages, reports, and workflows
VIS-OrgRoleOrgZone-ALLVisibility (VIS)Grants access to see all Business Role and Location combinations, including UI controls and web services
ACT-Location-Object-Administration-MyLocationsBelowActivity (ACT)Provides access to create, edit, and delete all locations in the person's locations and below
ACT-Person-Object-Administration-MyOrgActivity (ACT)Provides access to create, edit, and delete Person objects in the person's organization
ACT-Person-Password-Helpdesk-MyOrgActivity (ACT)Provides access to assist people in the person's organization by resetting passwords and unlocking accounts
Partner UserRole BundleIncludes all Partner User Role Bundle permissions (see below)

Partner User Role Bundle

The Partner User role bundle provides end-user capabilities for partners, including self-service and resource request functionality.

Management RoleRole TypeDescription
UI-IT-Shop-MS-Management-RoleFeature Set (UI)Grants access to shop for EmpowerID Management Roles in the IAM Shop, including UI controls, pages, reports, web services, and workflows
VIS-Management-Role-AllVisibility (VIS)Grants access to see all Management Roles, including web service invocation permissions
VIS-Groups-Generic-MyOrgVisibility (VIS)Grants access to see all generic groups in the person's organizations, including UI controls and web services
ACT-Person-Profile-Self-ServiceActivity (ACT)Grants users access to operations needed to edit their profiles
ACT-Person-MFA-Self-ServiceActivity (ACT)Grants users access to operations needed to edit their MFA options
Password-Self-ServiceRole BundleGrants users access to perform password self-service operations (includes additional Management Roles)
IAM Shop, My Tasks, and My Identity Self-Service Basic AccessRole BundleGrants access to use the IAM Shop, My Tasks, and My Identity microservices without granting visibility to objects or UI roles for each resource type (includes additional Management Roles that can be added separately as needed)