Assigning Resource Owners

When users shop for any resources for which they do not have the delegations to claim, EmpowerID creates a task for each of their requests and routes those tasks to all users with the ability to approve them. In EmpowerID, these "approvers" are known as "resource owners" and comprise all users who have the Access Manager Access Level for the specific resource being requested. For example, if a user requests membership in a group that is available from the IT Shop—and the group does not allow for automatic group joining—EmpowerID sends the request to each person who is an Access Manager or owner of the group. Any one of those people can then decide whether to approve or deny the membership. This principal applies to all resource types protected by EmpowerID.

To assign resource owners

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Manage Delegations page by expanding Admin > Identities and clicking Manage Delegations.
  2. From the Manage Delegations page, click the Resource Delegations tab.
  3. This opens a form that allows you to do the following:

    1. Select a resource type, such as a security group, an Exchange mailbox or an asset request, etc.
    2. Specify the specific resource belonging to the resource type, such as the BK-GVR01 security group, the administrator mailbox, or the Mobile Phone asset request, etc.
    3. Select the type of EmpowerID Actor to assign the access.
    4. Search for and select specific actor belonging to the type. For example, if you select Person as the type of actor, then you would search for and select each person who is to be the resource owner.
  4. From the Resource Delegations tab, select the appropriate resource type from the Resource Type drop-down.
  5. Type the name of the specific resource for that resource type in the Enter a Name to Search field and then click the tile for the resource.
  6. Please note that the label for the field dynamically updates to reflect the selected resource type. Thus, if you selected Group (Security) as the resource type, the label would read Enter a Group (Security) Name to Search.
  7. Click the Add Assignee (+) button on the grid.
  8. In the Assignee dialog that appears, do the following:
    1. Type the name of the specific actor in the Enter Name to Search field and then click the tile for that actor.
    2. Select Access Manager from the Access Level drop-down.
    3. Optionally, limit the time and dates of the access assignment as needed.
      • To limit the times and dates of the access assignment
        1. Tick Temporary Access. You should see two fields, an Access Begins field and an Access Ends field.
        2. Click the Access Begins field and select the desired beginning date and time from the calendar.
        3. Click the Access Ends field and select the desired ending date and time from the calendar.
        4. You should see the Access Begins and Access Ends fields update accordingly.

        5. To further restrict the access assignment to specific days and times during the specified date range, click Enable Day of Week Restrictions and then click the drop-down arrow to the right of the field.
        6. You should see an Hours of the Day Allowed pane appear. By default, each day is set to 24-hour access.

        7. For each day you want to restrict the hours of access, click the from and to fields and select the starting and ending times from the Choose Time control by moving the Hour and Minute sliders to appropriate values. For example, if you want don't want the selected actor to have any access on Sunday, you move the Hour and Minute sliders to the left until the time shown is 00:00 and then click Done.
  9. Click Save.