Assigning Access Levels to Management Roles

EmpowerID Access Levels, also known as Resource Roles, are collections of "operational capabilities" and/or "native system rights" specific to a particular resource type, such as an account, group or mailbox. When you assign an Access Level to a Management Role, you give anyone assigned membership in the Management Role the ability to perform those operations or tasks against a selected resource.

To assign Access Levels to Management Roles

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Delegations Management page by expanding Identities and clicking Manage Delegations.
  2. Select the Actor Delegations tab.
  3. Select Management Role from the Assignee Type drop-down, type the name of the Management Role to which you are delegating access in the Enter a Management Role Name to Search field and then click the tile for that Management Role.
  4. In the following image, the Navigation Sidebar has been collapsed to conserve screen real estate.

  5. Select By Location from the Assignment Type drop-down. Selecting By Location gives the Management Role access over all resources of a resource type in a location and the child locations of that location.
  6. From the Assignments grid, click the Add Assignments (+) button.
  7. In the Grant Access dialog that appears, do the following:
    1. Select the resource type for which you want to give the Management Role an access level. In our example, we are selecting the Computer resource type.
    2. Underneath For Resource in or Below, click the Select a Location link and in the Location Selector that appears, search for and select the location in which you want the Access Level to have effect.
    3. Click Save to close the Location Selector.
    4. Select the Access Level you want to assign to the Management Role from the Access Level drop-down. In our example, we have selected the Administrator Access Level. This gives anyone who is assigned to the Management Role all of the EmpowerID Operations and native system rights delegated to the Management Role.
    5. Optionally, tick Time Constraint if you want to add a time constraint to the Access Level assignment. When this option is selected, you set the date and time ranges by clicking in the Valid From and Valid To fields and picking the appropriate values from the Calendar.
    6. Additionally, you can restrict the access to certain days and hours of the week by clicking the Hours of the Day Allowed drop-down button and setting the restrictions in the from and to fields for each day.

    7. Click Save.
    8. This adds the Access Level assignment to the Shopping Cart.

  8. Repeat step 6 for each Access Level you want to assign to the Management Role Definition.
  9. When you have completed adding Access Level assignments, click the Shopping Cart icon, type a reason for the assignments in the cart dialog and then click Submit.