Shipping Management Roles

EmpowerID ships with the following default Management Roles. click any Management Role to see a tabular description.

All Access

Users with this Management Role can perform any action in EmpowerID.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Access Request	N/A	All Access (EmpowerID Admin)	Assignment to any Access Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Access Request	N/A	All Access (EmpowerID Admin)	Assignment to any Access Request as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Alert	N/A	All Access (EmpowerID Admin)	Assignment to any Alert as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Alert	N/A	All Access (EmpowerID Admin)	Assignment to any Alert as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Application	N/A	All Access (EmpowerID Admin)	Assignment to any Application as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Application	N/A	All Access (EmpowerID Admin)	Assignment to any Application as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Approval Routing Group	N/A	All Access (EmpowerID Admin)	Assignment to any Approval Routing Group as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Asset Request	N/A	All Access (EmpowerID Admin)	Assignment to any Asset Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Asset Request	N/A	All Access (EmpowerID Admin)	Assignment to any Asset Request as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Audit	N/A	All Access (EmpowerID Admin)	Assignment to any Audit as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Audit	N/A	All Access (EmpowerID Admin)	Assignment to any Audit as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Business Role	N/A	All Access (EmpowerID Admin)	Assignment to any Business Role as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Business Role	N/A	All Access (EmpowerID Admin)	Assignment to any Business Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Computer	N/A	All Access (EmpowerID Admin)	Assignment to any Computer as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Control (User Interface)	N/A	All Access (EmpowerID Admin)	Assignment to any Control (User Interface) as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Control (User Interface)	N/A	All Access (EmpowerID Admin)	Assignment to any Control (User Interface) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	EmpowerID System	N/A	Administrator	Assignment to any EmpowerID System as Administrator scoped at EmpowerID System.
Scoped At Location	EmpowerID System	N/A	All Access (EmpowerID Admin)	Assignment to any EmpowerID System as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Exchange Contact	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Contact as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Exchange Mailbox	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Mailbox as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Exchange Public Folder	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Public Folder as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	External Credential	N/A	All Access (EmpowerID Admin)	Assignment to any External Credential as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Folder (Shared)	N/A	All Access (EmpowerID Admin)	Assignment to any Folder (Shared) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Generic Asset	N/A	All Access (EmpowerID Admin)	Assignment to any Generic Asset as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Generic Asset	N/A	All Access (EmpowerID Admin)	Assignment to any Generic Asset as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Generic Asset (AD Protected)	N/A	All Access (EmpowerID Admin)	Assignment to any Generic Asset (AD Protected) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Distribution)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Distribution) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Generic)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Generic) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Security)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Security) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Location	N/A	All Access (EmpowerID Admin)	Assignment to any Location as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Location	N/A	All Access (EmpowerID Admin)	Assignment to any Location as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Lync User	N/A	All Access (EmpowerID Admin)	Assignment to any Lync User as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Management Role	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Management Role	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Management Role Definition	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role Definition as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Management Role Definition	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role Definition as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Organization	N/A	All Access (EmpowerID Admin)	Assignment to any Organization as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Organization	N/A	All Access (EmpowerID Admin)	Assignment to any Organization as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Pages and Reports	N/A	All Access (EmpowerID Admin)	Assignment to any Pages and Reports as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Person	N/A	All Access (EmpowerID Admin)	Assignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Person	N/A	All Access (EmpowerID Admin)	Assignment to any Person as All Access (EmpowerID Admin)scoped at EmpowerID System.
Scoped At Location	Printer (Shared)	N/A	All Access (EmpowerID Admin)	Assignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	All Access (EmpowerID Admin)	Assignment to any Query-Based Collection (SetGroup) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	All Access (EmpowerID Admin)	Assignment to any Query-Based Collection (SetGroup) as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Separation Of Duties Policy	N/A	All Access (EmpowerID Admin)	Assignment to any Separation Of Duties Policy as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Separation Of Duties Policy	N/A	All Access (EmpowerID Admin)	Assignment to any Separation Of Duties Policy as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SharePoint Group	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Group as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SharePoint Web Site	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Web Site as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SSO Application	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SSO Application	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	SSO Application Definition	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application Definition as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SSO Application Definition	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application Definition as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	SSO OAuth Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO OAuth Connection as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	SSO OAuth Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO OAuth Connection as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SSO SAML Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO SAML Connection as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	SSO SAML Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO SAML Connection as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	SSO WS-Federation Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO WS-Federation Connection as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	SSO WS-Federation Connection	N/A	All Access (EmpowerID Admin)	Assignment to any SSO WS-Federation Connection as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	User Account	N/A	All Access (EmpowerID Admin)	Assignment to any User Account as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	User Account	N/A	All Access (EmpowerID Admin)	Assignment to any User Account as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Web Service	N/A	All Access (EmpowerID Admin)	Assignment to any Web Service as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Web Service	N/A	All Access (EmpowerID Admin)	Assignment to any Web Service as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Workflow	N/A	All Access (EmpowerID Admin)	Assignment to any Workflow as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Workflow	N/A	All Access (EmpowerID Admin)	Assignment to any Workflow as All Access (EmpowerID Admin) scoped at Anywhere.

Audit Full Access

Users with this Management Role have full access to the audit workflows and user interfaces that allow users to review their audit tasks.

Audit Participant

Users with this Management Role have limited access to the audit workflows and user interfaces that allow users to review their audit tasks.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Pages and Reports	User Compliance Dashboard To Do	Viewer	Direct assignment to User Compliance Dashboard To Do as Viewer.
Direct	Pages and Reports	User Compliance Dashboard Done	Viewer	Direct assignment to the User Compliance Dashboard Done as Viewer.
Direct	Workflow	SubmitSingleAttestationResponse	Initiator	Direct assignment to the SubmitSingleAttestationResponse workflow as Initiator.
Direct	Workflow	SubmitSingleSodViolationResponse	Initiator	Direct assignment to the SubmitSingleSodViolationResponse workflow as Initiator.
Direct	Workflow	ProcessAttestationDecision	Initiator	Direct assignment to the ProcessAttestationDecision workflow as Initiator.
Direct	Workflow	AddResourceAttestationComment	Initiator	Direct assignment to the AddResourceAttestationComment workflow as Initiator.
Direct	Workflow	AttestationRevokeGroupMembership	Initiator	Direct assignment to the AttestationRevokeGroupMembership workflow as Initiator.

Computer PAM User Full Access

Users with this Management Role can view and connect to computers, create computers, vault credentials and link to computers.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Shared Credentials Tab	Viewer	Direct Assignment to the Shared Credentials tab as Viewer.
Direct	Control (User Interface)	Find Computer Page Computer Tab	Viewer	Direct Assignment to the Computer tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Find Computer Page Local Accounts Tab	Viewer	Direct Assignment to the Local Accounts tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Find Computer Page Local Groups Tab	Viewer	Direct Assignment to the Local Groups tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Find Computer Page Local Services Tab	Viewer	Direct Assignment to the Local Services tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Find Computer Page App Pools Tab	Viewer	Direct Assignment to the App Pools tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	IT Shop My Resources My Computers Tab	Initiator	Direct Assignment to the My Computers tab on the My Resources page of the IT Shop as Viewer.
Direct	Control (User Interface)	My Computer Credentials Tab	Viewer	Direct Assignment to the My Computer Credentials tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	All Computer Credentials Tab	Viewer	Direct Assignment to the All Computer Credentials tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Computer Credentials Check-Outs Tab	Viewer	Direct Assignment to the Credential Check Outs tab on the Find Computer page as Viewer.
Direct	Control (User Interface)	Shared Credential Dashboard Tab	Viewer	Direct Assignment to the Shared Credential Dashboard tab on the Find Shared Credential page as Viewer.
Direct	Control (User Interface)	My Shared Credentials Tab	Viewer	Direct Assignment to the My Shared Credentials tab on the Find Shared Credential page as Viewer.
Direct	Control (User Interface)	All Shared Credentials Tab	Viewer	Direct Assignment to the All Shared Credentials tab on the Find Shared Credential page as Viewer.
Direct	Control (User Interface)	Shared Credentials Check-Outs Tab	Viewer	Direct Assignment to the Credential Check Outs tab on the Find Shared Credential page as Viewer.
Direct	Control (User Interface)	Credentials I Manage Tab	Viewer	Direct Assignment to the Credentials I Manage tab on the Find Shared Credential page as Viewer.
Direct	Pages and Reports	Find Computer Page	Viewer	Direct Assignment to the Find Computer page as Viewer.
Direct	Pages and Reports	Saved Credentials Page	Viewer	Direct Assignment to the Saved Credentials page as Viewer.
Direct	Pages and Reports	Find Shared Credentials Page	Viewer	Direct Assignment to the Find Shared Credentials page as Viewer.
Direct	Pages and Reports	Schedule Account Vaulted Password Reset and Update Page	Viewer	Direct Assignment to the Schedule Account Vaulted Password Reset and Update page as Viewer.
Direct	Pages and Reports	Find Shared Credential Policies Page	Viewer	Direct Assignment to the Find Shared Credential Policies page as Viewer.
Direct	Workflow	Check-Out Credential	Initiator	Direct Assignment to the Check-Out Credential workflow as Initiator.
Direct	Workflow	Check-In Credential	Initiator	Direct Assignment to the Check-In Credential workflow as Initiator.
Direct	Workflow	Ping Computer	Initiator	Direct Assignment to the Ping Computer workflow as Initiator.
Direct	Workflow	Edit Computer Connection Attributes Bulk	Initiator	Direct Assignment to the Edit Computer Connection Attributes Bulk workflow as Initiator.
Direct	Workflow	Update External Credentials	Initiator	Direct Assignment to the Update External Credentials workflow as Initiator.
Direct	Workflow	Provision Computer	Initiator	Direct Assignment to the Provision Computer workflow as Initiator.
Direct	Workflow	Resource Manager Update Computer	Initiator	Direct Assignment to the Resource Manager Update Computer workflow as Initiator.
Direct	Workflow	Update Resource Tags	Initiator	Direct Assignment to the Update Resource Tags workflow as Initiator.
Direct	Workflow	Update Assignments	Initiator	Direct Assignment to the Update Assignments workflow as Initiator.
Direct	Workflow	Update Secret Shared People	Initiator	Direct Assignment to the Update Secret Shared People workflow as Initiator.
Direct	Workflow	Update External Credential Accounts	Initiator	Direct Assignment to the Update External Credential Accounts workflow as Initiator.
Direct	Workflow	Create Vaulted Credential	Initiator	Direct Assignment to the Create Vaulted Credential workflow as Initiator.
Direct	Workflow	Edit Windows Service	Initiator	Direct Assignment to the Edit Windows Service workflow as Initiator.
Direct	Workflow	Edit Priv Session	Initiator	Direct Assignment to the Edit Priv Session workflow as Initiator.
Direct	Workflow	Edit Windows Server App Pool	Initiator	Direct Assignment to the Edit Windows Server App Pool workflow as Initiator.
Direct	Workflow	Create Computer and Credential	Initiator	Direct Assignment to the Create Computer and Credential workflow as Initiator.
Direct	Workflow	Update External Credential Policies	Initiator	Direct Assignment to the Update External Credential Policies workflow as Initiator.
Direct	Workflow	Create External Credential Policy	Initiator	Direct Assignment to the Create External Credential Policy workflow as Initiator.
Direct	Workflow	Edit External Credential Policy	Initiator	Direct Assignment to the Edit External Credential Policy workflow as Initiator.
Direct	Workflow	Delete External Credential Policy	Initiator	Direct Assignment to the Delete External Credential Policy workflow as Initiator.

Computer PAM User Limited Access

Users with this Management Role have access to view and connect to computers.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Shared Credentials Tab	Viewer	Direct Assignment to the Shared Credentials tab on the Computer page as Viewer.
Direct	Control (User Interface)	IT Shop My Resources My Computers Tab	Viewer	Direct Assignment to the My Computers tab on the My Resources page of the IT Shop as Viewer.
Direct	Workflow	Check-Out Credential	Initiator	Direct Assignment to the Check-Out Credential workflow as Initiator.
Direct	Workflow	Check-In Credential	Initiator	Direct Assignment to the Check-In Credential workflow as Initiator.

Customer

Users with this Management Role have limited self-service access and can only view themselves.

EmpowerID Configuration Administrator

Users with this Management Role can see and manage EmpowerID configuration screens and settings.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Alert	N/A	All Access (EmpowerID Admin)	Assignment to any Alert as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Location	N/A	All Access (EmpowerID Admin)	Assignment to any Location as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	EmpowerID System	N/A	All Access (EmpowerID Admin)	Assignment to any EmpowerID System as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Organization	N/A	All Access (EmpowerID Admin)	Assignment to any Organization as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Business Role	N/A	All Access (EmpowerID Admin)	Assignment to any Business Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Location	N/A	All Access (EmpowerID Admin)	Assignment to any Location as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Workflow	N/A	All Access (EmpowerID Admin)	Assignment to any Workflow as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Application	N/A	All Access (EmpowerID Admin)	Assignment to any Application as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Pages and Reports	N/A	All Access (EmpowerID Admin)	Assignment to any Pages and Reports as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Control (User Interface)	N/A	All Access (EmpowerID Admin)	Assignment to any Control (User Interface) as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Web Service	N/A	All Access (EmpowerID Admin)	Assignment to any Web Service as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Asset Request	N/A	All Access (EmpowerID Admin)	Assignment to any Asset Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Access Request	N/A	All Access (EmpowerID Admin)	Assignment to any Access Request as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Management Role Definition	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role Definition as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Management Role	N/A	All Access (EmpowerID Admin)	Assignment to any Management Role as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	All Access (EmpowerID Admin)	Assignment to any Query-Based Collection (SetGroup) as All Access (EmpowerID Admin) scoped at EmpowerID System.

EmpowerID Security Alerts

Users with this Management Role can receive security related event alerts.

EmpowerID System Notifications

Users with this Management Role can receive alerts concerning EmpowerID system events, such as failed jobs.

Enterprise Compliance Officer

Users with this Management Role can create and manage audits and related policies.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	EmpowerID System	N/A	All Access (EmpowerID Admin)	Assignment to any EmpowerID System as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Separation of Duties Policy	N/A	Reviewer	Assignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.
Scoped At Location	Audit	N/A	Reviewer	Assignment to any Audit as Reviewer scoped at EmpowerID System.
Scoped At Location	Pages and Reports	N/A	Viewer	Assignment to any Pages and Reports as Viewer scoped at EmpowerID System.
Scoped At Location	Separation of Duties Policy	N/A	Reviewer	Assignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.
Scoped At Location	Separation of Duties Policy	N/A	Access Manager	Assignment to any Separation of Duties Policy as Access Manager scoped at EmpowerID System.
Scoped At Location	Separation of Duties Policy	N/A	Reviewer	Assignment to any Separation of Duties Policy as Reviewer scoped at EmpowerID System.
Direct	Control (User Interface)	Organization Resource Type dropdown item	Viewer	Direct assignment to Organization Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Windows Print Share Resource type dropdown item	Viewer	Direct assignment to Windows Print Share Resource type dropdown item as Viewer.
Direct	Control (User Interface)	Windows File Share Resource type dropdown item	Viewer	Direct assignment to Windows File Share Resource type dropdown item as Viewer.
Direct	Control (User Interface)	AD Security Group Resource Type dropdown item	Viewer	Direct assignment to AD Security Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Workflow Resource Type dropdown item	Viewer	Direct assignment to Workflow Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Location Resource Type dropdown item	Viewer	Direct assignment to Location Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Business Role Resource Type dropdown item	Viewer	Direct assignment to Business Role Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Control (User Interface)	Person Resource type dropdown item	Viewer	Direct assignment to Person Resource type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Mailbox Resource type dropdown item	Viewer	Direct assignment to Exchange Mailbox Resource type dropdown item as Viewer.
Direct	Control (User Interface)	EmpowerID System Resource type dropdown item	Viewer	Direct assignment to EmpowerId System Resource type dropdown item as Viewer.
Direct	Control (User Interface)	Separation OF Duties Policy Resource type dropdown item	Viewer	Direct assignment to Separation OF Duties Policy Resource type dropdown item as Viewer.
Direct	Control (User Interface)	Audit Resource Type dropdown item	Viewer	Direct assignment to Audit Resource type dropdown item as Viewer.
Direct	Control (User Interface)	My Workspace: Audit Onboarding	Viewer	Direct assignment to My Workspace: Audit Onboarding as Viewer.
Direct	Control (User Interface)	My Workspace: SOD Violations	Viewer	Direct assignment to My Workspace: SOD Violations as Viewer.
Direct	Control (User Interface)	EmpowerID Attestation Policy node	Viewer	Direct assignment to EmpowerID Attestation Policy node as Viewer.
Direct	Control (User Interface)	Account Resource Type dropdown item	Viewer	Direct assignment to Account Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Application Resource Type dropdown item	Viewer	Direct assignment to Application Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Control Resource Type dropdown item	Viewer	Direct assignment to Control Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Resource Manager: SOD Policy	Viewer	Direct assignment to Resource Manager: SOD Policy as Viewer.
Direct	Control (User Interface)	My Workspace: Group Membership Changes	Viewer	Direct assignment to My Workspace: Group Membership Changes as Viewer.
Direct	Control (User Interface)	My Workspace: Audit Log	Viewer	Direct assignment to My Workspace: Audit Log as Viewer.
Direct	Control (User Interface)	My Workspace: Audit Offboarding	Viewer	Direct assignment to My Workspace: Audit Offboarding as Viewer.
Direct	Control (User Interface)	Group Membership Change Log	Viewer	Direct assignment to Group Membership Change Log as Viewer.
Direct	Control (User Interface)	Operation Audit Log	Viewer	Direct assignment to Operation Audit Log as Viewer.
Direct	Control (User Interface)	Person Login History	Viewer	Direct assignment to Person Login History as Viewer.
Direct	Control (User Interface)	Management Role Resource Type dropdown item	Viewer	Direct assignment to Management Role Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Page Resource Type dropdown item	Viewer	Direct assignment to Page Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Access Request Catalog Item Resource Type dropdown item	Viewer	Direct assignment to Access Request Catalog Item Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Generic Asset AD Protected Resource Type dropdown item	Viewer	Direct assignment to Generic Asset AD Protected Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Computer Resource Type dropdown item	Viewer	Direct assignment to Computer Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Mail Contact Resource Type dropdown item	Viewer	Direct assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Public Folder Resource Type dropdown item	Viewer	Direct assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	AD Distribution Group Resource Type dropdown item	Viewer	Direct assignment to AD Distribution Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Web Service Resource Type dropdown item	Viewer	Direct assignment to Web Service Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Asset Catalog Item Resource Type dropdown item	Viewer	Direct assignment to Asset Catalog Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Resource Manager : Separation of Duties Policy Groups	Viewer	Direct assignment to Resource Manager : Separation of Duties Policy Groups as Viewer.
Direct	Pages and Reports	Create SoD Policy	Viewer	Direct assignment to Create SoD Policy as Viewer.
Direct	Pages and Reports	Auditor Compliance Dashboard	Viewer	Direct assignment to Auditor Compliance Dashboard as Viewer.
Direct	Pages and Reports	FindSeparationOfDutiesViolation Page	Viewer	Direct assignment to FindSeparationOfDutiesViolation Page as Viewer.
Direct	Workflow	DeleteAudit	INitiator	Direct assignment to DeleteAudit as Initiator.
Direct	Workflow	AttestationPolicyNew	Initiator	Direct assignment to AttestationPolicyNew as Initiator.
Direct	Workflow	UpdateAttestationPolicyTargets	Initiator	Direct assignment to UpdateAttestationPolicyTargets as Initiator.
Direct	Workflow	UpdateAuditAttestationPolicies	Initiator	Direct assignment to UpdateAuditAttestationPolicies as Initiator.
Direct	Workflow	AuditNew	Initiator	Direct assignment to AuditNew as Initiator.
Direct	Workflow	EditAttestationPolciyNoUI	Initiator	Direct assignment to EditAttestationPolciyNoUI as Initiator.
Direct	Workflow	DirectReportAttestationExampleAdvanced	Initiator	Direct assignment to DirectReportAttestationExampleAdvanced as Initiator.
Direct	Workflow	ProvisionSeparationOfDuties	Initiator	Direct assignment to ProvisionSeparationOfDuties as Initiator.
Direct	Workflow	EditSeparationOfDutiesPolicyNoUI	Initiator	Direct assignment to EditSeparationOfDutiesPolicyNoUI as Initiator.
Direct	Workflow	ProvisionAttestationPolicy	Initiator	Direct assignment to ProvisionAttestationPolicy as Initiator.
Direct	Workflow	EditAuditDetails	Initiator	Direct assignment to EditAuditDetails as Initiator.
Direct	Workflow	DeleteAttestationPolicy	Initiator	Direct assignment to DeleteAttestationPolicy as Initiator.

Enterprise Exchange Administrator

Users with this Management Role have enterprise-wide ability to manage all Exchange mailboxes.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Exchange Contact	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Contact as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Exchange Mailbox	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Mailbox as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Exchange Public Folder	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Public as All Access (EmpowerID Admin) scoped at Anywhere.
Direct	Application	Configuration Manager	Administrator	Direct assignment to Configuration Manager as Administrator.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Control (User Interface)	Exchange Mailbox Resource Type dropdown item	Viewer	Direct assignment to Exchange Mailbox Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Public Folder Resource Type dropdown item	Viewer	Direct assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Mail Contact Resource Type dropdown item	Viewer	Direct assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Deleted Exchange Mailboxes	Viewer	Direct assignment to Deleted Exchange Mailboxes as Viewer.
Direct	Control (User Interface)	Exchange Mailbox Stores	Viewer	Direct assignment to Exchange Mailbox Stores as Viewer.
Direct	Workflow	AddExchangeMailboxAddress	Initiator	Direct assignment to AddExchangeMailboxAddress as Initiator.
Direct	Workflow	BulkMailenableGroup	Initiator	Direct assignment to BulkMailenableGroup as Initiator.
Direct	Workflow	CreateEquipment	Initiator	Direct assignment to CreateEquipment as Initiator.
Direct	Workflow	CreateExchangeMailbox	Initiator	Direct assignment to CreateExchangeMailbox as Initiator.
Direct	Workflow	CreateResourceMailbox	Initiator	Direct assignment to CreateResourceMailbox as Initiator.
Direct	Workflow	CreateUserAndMailbox	Initiator	Direct assignment to CreateUserAndMailbox as Initiator.
Direct	Workflow	CreateUserMailbox	Initiator	Direct assignment to CreateUserMailbox as Initiator.
Direct	Workflow	DeleteExchangeMailboxAddress	Initiator	Direct assignment to DeleteExchangeMailboxAddress as Initiator.
Direct	Workflow	DeleteMailbox	Initiator	Direct assignment to DeleteMailbox as Initiator.
Direct	Workflow	DisableMailbox	Initiator	Direct assignment to DisableMailbox as Initiator.
Direct	Workflow	DisableOWA	Initiator	Direct assignment to DisableOWA as Initiator.
Direct	Workflow	EditAcceptMessagesFrom	Initiator	Direct assignment to EditAcceptMessagesFrom as Initiator.
Direct	Workflow	EditExchangeMailboxAddress	Initiator	Direct assignment to EditExchangeMailboxAddress as Initiator.
Direct	Workflow	EditMailbox	Initiator	Direct assignment to EditMailbox as Initiator.
Direct	Workflow	EditMailForwarding	Initiator	Direct assignment to EditMailForwarding as Initiator.
Direct	Workflow	EditRejectMessagesFrom	Initiator	Direct assignment to EditRejectMessagesFrom as Initiator.
Direct	Workflow	EditSMTPAddresses	Initiator	Direct assignment to EditSMTPAddresses as Initiator.
Direct	Workflow	EnableAutoAccept	Initiator	Direct assignment to EnableAutoAccept as Initiator.
Direct	Workflow	EnableMailboxWithBasicQuota	Initiator	Direct assignment to EnableMailboxWithBasicQuota as Initiator.
Direct	Workflow	EnableMailboxWithCorpQuota	Initiator	Direct assignment to EnableMailboxWithCorpQuota as Initiator.
Direct	Workflow	EnableOWA	Initiator	Direct assignment to EnableOWA as Initiator.
Direct	Workflow	EnableWireless	Initiator	Direct assignment to EnableWireless as Initiator.
Direct	Workflow	HideDLFromGAL	Initiator	Direct assignment to HideDLFromGAL as Initiator.
Direct	Workflow	HideMailbox	Initiator	Direct assignment to HideMailbox as Initiator.
Direct	Workflow	MailboxSizeDecrease	Initiator	Direct assignment to MailboxSizeDecrease as Initiator.
Direct	Workflow	MailboxSizeIncrease	Initiator	Direct assignment to MailboxSizeIncrease as Initiator.
Direct	Workflow	MailDisableAccount	Initiator	Direct assignment to MailDisableAccount as Initiator.
Direct	Workflow	MailDisableGroup	Initiator	Direct assignment to MailDisableGroup as Initiator.
Direct	Workflow	MailEnableGroup	Initiator	Direct assignment to MailEnableGroup as Initiator.
Direct	Workflow	MoveMailbox	Initiator	Direct assignment to MoveMailbox as Initiator.
Direct	Workflow	ReinstateExchangeMailbox	Initiator	Direct assignment to ReinstateExchangeMailbox as Initiator.
Direct	Workflow	ResourceManagerUpdateMailbox	Initiator	Direct assignment to ResourceManagerUpdateMailbox as Initiator.
Direct	Workflow	SetAsPrimaryExchangeMailboxAddress	Initiator	Direct assignment to SetAsPrimaryExchangeMailboxAddress as Initiator.
Direct	Workflow	ShowDLInGAL	Initiator	Direct assignment to ShowDLInGAL as Initiator.
Direct	Workflow	ShowMailbox	Initiator	Direct assignment to ShowMailbox as Initiator.

Enterprise Group Administrator

Users with this Management Role have enterprise-wide ability to manage all groups.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Group (Security)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Security) as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	Group (Distribution)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Distribution) as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	Group (Generic)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Generic) as All Access (EmpowerID Admin) scoped at Anywhere
Direct	Control (User Interface)	AD Distribution Group Resource type dropdown item	Viewer	Direct assignment to AD Distribution Group Resource type dropdown item as Viewer.
Direct	Control (User Interface)	AD Security Group Resource type dropdown item	Viewer	Direct assignment to AD Security Group Resource type dropdown item as Viewer.
Direct	Control (User Interface)	All Groups Tab On Find Groups Page	Viewer	Direct assignment to All Groups Tab On Find Groups Page as Viewer.
Direct	Control (User Interface)	Deleted Groups	Viewer	Direct assignment to Deleted Groups as Viewer.
Direct	Control (User Interface)	Group Membership Change Log	Viewer	Direct assignment to Group Membership Changes as Viewer.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Group	Viewer	Direct assignment to Resource Manager: Access Granted To Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account	Viewer	Direct assignment to Resource Manager: Group Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Account	Viewer	Direct assignment to Resource Manager: Group Account History By Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Group	Viewer	Direct assignment to Resource Manager: Group Account History By Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Person	Viewer	Direct assignment to Resource Manager: Group Account History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Group Membership	Viewer	Direct assignment to Resource Manager: Group Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Group Resultant Set Of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Group Membership	Viewer	Direct assignment to Resource Manager: Person Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Resource Role Groups	Viewer	Direct assignment to Resource Manager: Resource Role Groups as Viewer.
Direct	Pages and Reports (User Interface)	ChangeManager.aspx	Viewer	Direct assignment to ChangeManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	Create Application Page	Viewer	Direct assignment to Create Application Page as Viewer.
Direct	Pages and Reports (User Interface)	Create Group	Viewer	Direct assignment to Create Group as Viewer.
Direct	Pages and Reports (User Interface)	Find ProtectedApplicationResourceApplication Page	Viewer	Direct assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
Direct	Pages and Reports (User Interface)	GroupManager.aspx	Viewer	Direct assignment to GroupManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembersForGroup	Viewer	Direct assignment to GroupMembersForGroup as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChanges	Viewer	Direct assignment to GroupMembershipChanges as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChangesHighSecurity	Viewer	Direct assignment to GroupMembershipChangesHighSecurity as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForPerson	Viewer	Direct assignment to GroupMembershipForPerson as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForAccount	Viewer	Direct assignment to GroupMembershipForAccount as Viewer.
Direct	Workflow	AccountRequestwithGroup	Initiator	Direct assignment to AccountRequestwithGroup as Initiator.
Direct	Workflow	AddAccountsToGroup	Initiator	Direct assignment to AddAccountsToGroup as Initiator.
Direct	Workflow	AddGroupOrgZoneResourceTypeRole	Initiator	Direct assignment to AddGroupOrgZoneResourceTypeRole as Initiator.
Direct	Workflow	AddGroupResourceRole	Initiator	Direct assignment to AddGroupResourceRole as Initiator.
Direct	Workflow	AddGroupsToGroup	Initiator	Direct assignment to AddGroupsToGroup as Initiator.
Direct	Workflow	AddPeopleToGroups	Initiator	Direct assignment to AddPeopleToGroups as Initiator.
Direct	Workflow	AssignGroupOrgRoleOrgZone	Initiator	Direct assignment to AssignGroupOrgRoleOrgZone as Initiator.
Direct	Workflow	AssignGroupResourceRole	Initiator	Direct assignment to AssignGroupResourceRole as Initiator.
Direct	Workflow	BulkMailenableGroup	Initiator	Direct assignment to BulkMailenableGroup as Initiator.
Direct	Workflow	CreateADGroup	Initiator	Direct assignment to CreateADGroup as Initiator.
Direct	Workflow	CreateGroup	Initiator	Direct assignment to CreateGroup as Initiator.
Direct	Workflow	DeleteGroup	Initiator	Direct assignment to DeleteGroup as Initiator.
Direct	Workflow	EditGroup	Initiator	Direct assignment to EditGroup as Initiator.
Direct	Workflow	MailDisableGroup	Initiator	Direct assignment to MailDisableGroup as Initiator.
Direct	Workflow	MailEnableGroup	Initiator	Direct assignment to MailEnableGroup as Initiator.
Direct	Workflow	MoveGroup	Initiator	Direct assignment to MoveGroup as Initiator.
Direct	Workflow	RemoveAccountsFromGroups	Initiator	Direct assignment to RemoveAccountsFromGroups as Initiator.
Direct	Workflow	RemoveGroupAccount	Initiator	Direct assignment to RemoveGroupAccount as Initiator.
Direct	Workflow	RemoveGroupOrgRoleOrgZone	Initiator	Direct assignment to RemoveGroupOrgRoleOrgZone as Initiator.
Direct	Workflow	RemoveGroupResourceRoleNoUI	Initiator	Direct assignment to RemoveGroupResourceRoleNoUI as Initiator.
Direct	Workflow	RemoveGroupsFromGroup	Initiator	Direct assignment to RemoveGroupsFromGroup as Initiator.
Direct	Workflow	RemoveOrgRoleOrgZoneFromGroups	Initiator	Direct assignment to RemoveOrgRoleOrgZoneFromGroups as Initiator.
Direct	Workflow	RemoveRbacResourceRoleAssignmentAsActor	Initiator	Direct assignment to RemoveRbacResourceRoleAssignmentAsActor as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct assignment to ResourceManagerEditGroup as Initiator.

Enterprise IT Administrator

Users with this Management Role have enterprise-wide ability to manage all users, groups, computers, mailboxes and other IT resources.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Computer	N/A	All Access (EmpowerID Admin)	Assignment to any Computer as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Exchange Mailbox	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Mailbox as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Distribution)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Distribution) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Generic)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Generic) asAll Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Group (Security)	N/A	All Access (EmpowerID Admin)	Assignment to any Group (Security) as All Access (EmpowerID Admin) scoped at Anywhere.
Scoped At Location	Location	N/A	All Access (EmpowerID Admin)	Assignment to any Location as All Access (EmpowerID Admin) scoped at EmpowerID System.
Scoped At Location	Person	N/A	All Access (EmpowerID Admin)	Assignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	SharePoint Group	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Group as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	SharePoint Web Site	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Web Site as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	SSO Application	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	SSO Application Definition	N/A	All Access (EmpowerID Admin)	Assignment to any SSO Application Definition as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	User Account	N/A	All Access (EmpowerID Admin)	Assignment to any User Account as All Access (EmpowerID Admin) scoped at Anywhere.
Direct	Control (User Interface)	Account Resource Type dropdown item	Viewer	Direct assignment to Account Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	AD Distribution Group Resource Type dropdown item	Viewer	Direct assignment to AD Distribution Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	AD Security Group Resource Type dropdown item	Viewer	Direct assignment to AD Security Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	All Groups Tab On Find Groups Page	Viewer	Direct assignment to All Groups Tab On Find Groups Page as Viewer.
Direct	Control (User Interface)	All Roles Tab In Find Management Roles Page	Viewer	Direct assignment to All Roles Tab In Find Management Roles Page as Viewer.
Direct	Control (User Interface)	Asset Owner	Viewer	Direct assignment to Asset Owner as Viewer.
Direct	Control (User Interface)	Attestation Review Tasks	Viewer	Direct assignment to Attestation Review Tasks as Viewer.
Direct	Control (User Interface)	Computer Resource Type dropdown item	Viewer	Direct assignment to Computer Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Deleted Accounts	Viewer	Direct assignment to Deleted Accounts as Viewer.
Direct	Control (User Interface)	Deleted Exchange Mailboxes	Viewer	Direct assignment to Deleted Mailboxes as Viewer.
Direct	Control (User Interface)	Deleted Groups	Viewer	Direct assignment to Deleted Groups as Viewer.
Direct	Control (User Interface)	Deleted Person Objects	Viewer	Direct assignment to Deleted Person Objects as Viewer.
Direct	Control (User Interface)	Exchange Mail Contact Resource Type dropdown item	Viewer	Direct assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Mailbox Resource Type dropdown item	Viewer	Direct assignment to Exchange Mailbox Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Exchange Mailbox Stores	Viewer	Direct assignment to Exchange Mailbox Stores as Viewer.
Direct	Control (User Interface)	Exchange Public Folder Resource Type dropdown item	Viewer	Direct assignment to Exchange Public Folder Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Generic Asset AD Protected Resource Type dropdown item	Viewer	Direct assignment to Generic Asset AD Protected Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Generic Asset Resource Type dropdown item	Viewer	Direct assignment to Generic Asset Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Group Membership Change Log	Viewer	Direct assignment to Group Membership Change Log as Viewer.
Direct	Control (User Interface)	Inbound Attribute Changes	Viewer	Direct assignment to Inbound Attribute Changes as Viewer.
Direct	Control (User Interface)	My Workspace: All Resource Operation Decisions	Viewer	Direct assignment to Resource Manager: All Resource Operation Decisions as Viewer.
Direct	Control (User Interface)	My Workspace: My Actions In Workflows	Viewer	Direct assignment to Resource Manager: My Actions In Workflows as Viewer.
Direct	Control (User Interface)	My Workspace: My Membership	Viewer	Direct assignment to Resource Manager: All Resource Operation Decisions as Viewer.
Direct	Control (User Interface)	My Workspace: My Membership Changes	Viewer	Direct assignment to Resource Manager: My Membership Changes as Viewer.
Direct	Control (User Interface)	My Workspace: My Security Assignments	Viewer	Direct assignment to My Workspace: My Security Assignments as Viewer.
Direct	Control (User Interface)	My Workspace: My Workflow Decisions	Viewer	Direct assignment to My Workspace: My Workflow Decisions as Viewer.
Direct	Control (User Interface)	My Workspace: Protected SSO Applications	Viewer	Direct assignment to My Workspace: Protected SSO Applications as Viewer.
Direct	Control (User Interface)	My Workspace: Reports	Viewer	Direct assignment to My Workspace: Reports as Viewer.
Direct	Control (User Interface)	My Workspace: SSO Applications	Viewer	Direct assignment to My Workspace: SSO Applications as Viewer.
Direct	Control (User Interface)	New Account Inbox	Viewer	Direct assignment to New Account Inbox as Viewer.
Direct	Control (User Interface)	Operation Audit Log	Viewer	Direct assignment to Operation Audit Log as Viewer.
Direct	Control (User Interface)	Orphan Accounts	Viewer	Direct assignment to Orphan Accounts as Viewer.
Direct	Control (User Interface)	Outbound Attribute Changes	Viewer	Direct assignment to Outbound Attribute Changes as Viewer.
Direct	Control (User Interface)	Password Manager Enrollment	Viewer	Direct assignment to Password Manager Enrollment as Viewer.
Direct	Control (User Interface)	Person Assets	Viewer	Direct assignment to Person Assets as Viewer.
Direct	Control (User Interface)	Person Login History	Viewer	Direct assignment to Person Login History as Viewer.
Direct	Control (User Interface)	Person Resource Type dropdown item	Viewer	Direct assignment to Person Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Recently Created Objects	Viewer	Direct assignment to Recently Created Objects as Viewer.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Control (User Interface)	Resource Manager: Audit History Of Resource	Viewer	Direct assignment to Resource Manager: Audit History Of Resource as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Account	Viewer	Assignment to Resource Manager: Access Granted To Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Group	Viewer	Assignment to Resource Manager: Access Granted To Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Person	Viewer	Assignment to Resource Manager:Access Granted To Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Account Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Account Resultant Set Of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Audit History By Person	Viewer	Direct assignment to Resource Manager: Audit History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Child Management Roles	Viewer	Direct assignment to Resource Manager: Child Management Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Directly Assigned Locations	Viewer	Assignment to Resource Manager: Directly Assigned Locations as Viewer.
Direct	Control (User Interface)	Resource Manager: Email Addresses	Viewer	Direct assignment to Resource Manager: Email Addresses as Viewer.
Direct	Control (User Interface)	Resource Manager: Enforcement	Viewer	Direct assignment to Resource Manager: Enforcement as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account	Viewer	Direct assignment to Resource Manager: Group Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Account	Viewer	Direct assignment to Resource Manager: Group Account History By Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Group	Viewer	Direct Assignment to Resource Manager: Group Account History By Group.
Direct	Control (User Interface)	Resource Manager: Group Account History By Person	Viewer	Direct assignment to Resource Manager: Group Account History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Group Membership	Viewer	Direct assignment to Resource Manager: Group Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Group Resultant Set Of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Assignees	Viewer	Direct assignment to Resource Manager: Management Role Assignees as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Definition Resource Role Assignment	Viewer	Direct assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Resource Role Assignments	Viewer	Direct assignment to Resource Manager: Management Role Resource Role Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Account	Viewer	Direct assignment to Resource Manager: Person Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Business Roles	Viewer	Direct assignment to Resource Manager: Person Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Group Membership	Viewer	Direct assignment to Resource Manager: Person Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Person Resultant Set Of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Resource Role Groups	Viewer	Direct assignment to Resource Manager: Resource Role Groups as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Resource Locations	Viewer	Assignment to Resource Manager: Resultant Resource Locations as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set of Operation Assignments	Viewer	Direct assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set Of Rights Assignments	Viewer	Direct assignment to Resource Manager: Resultant Set Of Rights Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set of Security	Viewer	Direct assignment to Resource Manager: Resultant Set of Security as Viewer.
Direct	Control (User Interface)	Resource Manager: RRs To Business Roles	Viewer	Direct assignment to Resource Manager: RRs To Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Security	Viewer	Assignment to Resource Manager: Security as Viewer.
Direct	Control (User Interface)	Resource Manager: SSO Applications Assignments	Viewer	Direct assignment to Resource Manager: SSO Applications Assignments as Viewer.
Direct	Control (User Interface)	Resources Pending RBAC Processing	Viewer	Direct assignment to Resources Pending RBAC Processing as Viewer.
Direct	Control (User Interface)	Show Process Info	Viewer	Direct assignment to Show Process Info as Viewer.
Direct	Control (User Interface)	Windows File Share Resource Type dropdown item	Viewer	Direct assignment to Windows File Share Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Windows Print Share Resource Type dropdown item	Viewer	Direct assignment to Windows Print Share Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Workflow Error Log	Viewer	Direct assignment to Workflow Error Log as Viewer.
Direct	Pages and Reports (User Interface)	AccountManager.aspx	Viewer	Direct assignment to AccountManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	AccountsWithoutEmployeeID	Viewer	Direct assignment to AccountsWithoutEmployeeID as Viewer.
Direct	Pages and Reports (User Interface)	AccountsWithoutManager	Viewer	Direct assignment to AccountsWithoutManager as Viewer.
Direct	Pages and Reports (User Interface)	ActionsByPerson	Viewer	Direct assignment to ActionsByPerson as Viewer.
Direct	Pages and Reports (User Interface)	ActionsToPerson	Viewer	Direct assignment to ActionsToPerson as Viewer.
Direct	Pages and Reports (User Interface)	Addresses	Viewer	Direct assignment to Addresses as Viewer.
Direct	Pages and Reports (User Interface)	AllPreferredBusinessRolesScopedByLocation	Viewer	Direct assignment to AllPreferredBusinessRolesScopedByLocation as Viewer.
Direct	Pages and Reports (User Interface)	AllPreferredManagementRolesScopedByLocation	Viewer	Direct assignment to AllPreferredManagementRolesScopedByLocation as Viewer.
Direct	Pages and Reports (User Interface)	AllPublicFolders	Viewer	Direct assignment to AllPublicFolders as Viewer.
Direct	Pages and Reports (User Interface)	BusinessRoles	Viewer	Direct assignment to BusinessRoles as Viewer.
Direct	Pages and Reports (User Interface)	ChangeManager.aspx	Viewer	Direct assignment to ChangeManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	ComputerManager.aspx	Viewer	Direct assignment to ComputerManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	Create Application page	Viewer	Direct assignment to Create Application page as Viewer.
Direct	Pages and Reports (User Interface)	Create Group	Viewer	Direct assignment to Create Group as Viewer.
Direct	Pages and Reports (User Interface)	Delegations management page	Viewer	Direct assignment to Delegations management page as Viewer.
Direct	Pages and Reports (User Interface)	DeletedGroups	Viewer	Direct assignment to DeletedGroups as Viewer.
Direct	Pages and Reports (User Interface)	DeletedMailboxes	Viewer	Direct assignment to DeletedMailboxes as Viewer.
Direct	Pages and Reports (User Interface)	DeletedPeople	Viewer	Direct assignment to DeletedPeople as Viewer.
Direct	Pages and Reports (User Interface)	DeletedUsers	Viewer	Direct assignment to DeletedUsers as Viewer.
Direct	Pages and Reports (User Interface)	Directory Manager	Viewer	Direct assignment to Directory Manageras Viewer.
Direct	Pages and Reports (User Interface)	DisabledUsers	Viewer	Direct assignment to DisabledUsers as Viewer.
Direct	Pages and Reports (User Interface)	DomainControllers	Viewer	Direct assignment to DomainControllers as Viewer.
Direct	Pages and Reports (User Interface)	Edit Person Contextual Page	Viewer	Direct assignment to Edit Person Contextual Page as Viewer.
Direct	Pages and Reports (User Interface)	EmailAddressByMailbox	Viewer	Direct assignment to EmailAddressByMailbox as Viewer.
Direct	Pages and Reports (User Interface)	EmpowerIDLocations	Viewer	Direct assignment to EmpowerIDLocations as Viewer.
Direct	Pages and Reports (User Interface)	EmpowerIDServers	Viewer	Direct assignment to EmpowerIDServers as Viewer.
Direct	Pages and Reports (User Interface)	EmptyGroups	Viewer	Direct assignment to EmptyGroups as Viewer.
Direct	Pages and Reports (User Interface)	ExchangeMailboxesByLocation	Viewer	Direct assignment to ExchangeMailboxesByLocation as Viewer.
Direct	Pages and Reports (User Interface)	ExchangeMailboxStores	Viewer	Direct assignment to ExchangeMailboxStores as Viewer.
Direct	Pages and Reports (User Interface)	ExchangeResourceMailboxesByLocation	Viewer	Direct assignment to ExchangeResourceMailboxesByLocation as Viewer.
Direct	Pages and Reports (User Interface)	ExchangeServers	Viewer	Direct assignment to ExchangeServers as Viewer.
Direct	Pages and Reports (User Interface)	ExternalLocations	Viewer	Direct assignment to ExternalLocations as Viewer.
Direct	Pages and Reports (User Interface)	ExternalRoles	Viewer	Direct assignment to ExternalRoles as Viewer.
Direct	Pages and Reports (User Interface)	Find AccountInbox Page	Viewer	Direct assignment to Find AccountInbox Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Computer Page	Viewer	Direct assignment to Find Computer Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Deleted Objects	Viewer	Direct assignment to Find Deleted Objects as Viewer.
Direct	Pages and Reports (User Interface)	Find DeletedAccount Page	Viewer	Direct assignment to Find DeletedAccount Page as Viewer.
Direct	Pages and Reports (User Interface)	Find DeletedExchangeMailbox Page	Viewer	Direct assignment to Find DeletedExchangeMailbox Page as Viewer.
Direct	Pages and Reports (User Interface)	Find DeletedGroups Page	Viewer	Direct assignment to Find DeletedGroups Page as Viewer.
Direct	Pages and Reports (User Interface)	Find DeletedPeople Page	Viewer	Direct assignment to Find DeletedPeople Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Exchange Mailbox Page	Viewer	Direct assignment to Find Exchange Mailbox Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ExchangeMailContact Page	Viewer	Direct assignment to Find ExchangeMailContact Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ExchangePublicFolder Page	Viewer	Direct assignment to Find ExchangePublic Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ExecutionRuntimeJobHistory Page	Viewer	Direct assignment to Find ExecutionRuntimeJobHistory Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Group Page	Viewer	Direct assignment to Find Group Page as Viewer.
Direct	Pages and Reports (User Interface)	Find LoginSession Page	Viewer	Direct assignment to Find LoginSession Page as Viewer.
Direct	Pages and Reports (User Interface)	Find LyncUser Page	Viewer	Direct assignment to Find LyncUser Page as Viewer.
Direct	Pages and Reports (User Interface)	Find OrphanedAccount Page	Viewer	Direct assignment to Find OrphanedAccount Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Person Page	Viewer	Direct assignment to Find Person Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ProtectedApplicationResourceApplication Page	Viewer	Direct assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ResourceAttestation Page	Viewer	Direct assignment to Find ResourceAttestation Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ResourceEntitlementInbox Page	Viewer	Direct assignment to Find ResourceEntitlementInbox Page as Viewer.
Direct	Pages and Reports (User Interface)	Find SeparationOfDutiesViolation Page	Viewer	Direct assignment to Find SeparationOfDutiesViolation Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Shared Folder Page	Viewer	Direct assignment to Find Shared Folder Page as Viewer.
Direct	Pages and Reports (User Interface)	Find SharePointGroup Page	Viewer	Direct assignment to Find SharePointGroup Page as Viewer.
Direct	Pages and Reports (User Interface)	Find User Account Page	Viewer	Direct assignment to Find User Account Page as Viewer.
Direct	Pages and Reports (User Interface)	GetByLocationReport	Viewer	Direct assignment to GetByLocationReport as Viewer.
Direct	Pages and Reports (User Interface)	GroupManager.aspx	Viewer	Direct assignment to GroupManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembersForGroup	Viewer	Direct assignment to GroupMembersForGroup as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChanges	Viewer	Direct assignment to GroupMembershipChanges as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChangesHighSecurity	Viewer	Direct assignment to GroupMembershipChangesHighSecurity as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForAccount	Viewer	Direct assignment to GroupMembershipForAccount as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForPerson	Viewer	Direct assignment to GroupMembershipForPerson as Viewer.
Direct	Pages and Reports (User Interface)	IdentityManager	Viewer	Direct assignment to IdentityManager as Viewer.
Direct	Pages and Reports (User Interface)	LockedOutUsers	Viewer	Direct assignment to LockedOutUsers as Viewer.
Direct	Pages and Reports (User Interface)	LoginHistory	Viewer	Direct assignment to LoginHistory as Viewer.
Direct	Pages and Reports (User Interface)	LoginsByHistory	Viewer	Direct assignment to LoginsByHistory as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByAccount	Viewer	Direct assignment to MembershipChangesByAccount as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByGroup	Viewer	Direct assignment to MembershipChangesByGroup as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByPerson	Viewer	Direct assignment to MembershipChangesByPerson as Viewer.
Direct	Pages and Reports (User Interface)	OrphanAccountsByLocation	Viewer	Direct assignment to OrphanAccountsByLocation as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagementActivityByDate	Viewer	Direct assignment to PasswordManagementActivityByDate as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerEnrollment	Viewer	Direct assignment to PasswordManagerEnrollment as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerNotEnrolled	Viewer	Direct assignment to PasswordManagerNotEnrolled as Viewer.
Direct	Pages and Reports (User Interface)	PeopleByRoleandLocation	Viewer	Direct assignment to PeopleByRoleandLocation as Viewer.
Direct	Pages and Reports (User Interface)	PeopleByRoleReport	Viewer	Direct assignment to PeopleByRoleReport as Viewer.
Direct	Pages and Reports (User Interface)	PeopleWithoutAccounts	Viewer	Direct assignment to PeopleWithoutAccounts as Viewer.
Direct	Pages and Reports (User Interface)	Person Onboarding	Viewer	Direct assignment to Person Onboarding as Viewer.
Direct	Pages and Reports (User Interface)	PersonLoginHistory	Viewer	Direct assignment to PersonLoginHistory as Viewer.
Direct	Pages and Reports (User Interface)	PersonManager.aspx	Viewer	Direct assignment to PersonManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	PossibleStaleComputers	Viewer	Direct assignment to PossibleStaleComputers as Viewer.
Direct	Pages and Reports (User Interface)	ResourceRolesForPerson	Viewer	Direct assignment to ResourceRolesForPerson as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsByAllManagementRoleReport	Viewer	Direct assignment to SecurityAssignmentsByAllManagementRoleReport as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsBusinessRoleAsActorReport	Viewer	Direct assignment to SecurityAssignmentsBusinessRoleAsActorReport as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsForAllResourcesReport	Viewer	Direct assignment to SecurityAssignmentsForAllResourcesReport as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsGroupAsActorReport	Viewer	Direct assignment to SecurityAssignmentsGroupAsActorReport as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsPersonAsActorReport	Viewer	Direct assignment to SecurityAssignmentsPersonAsActorReport as Viewer.
Direct	Pages and Reports (User Interface)	SecurityAssignmentsScopedAtLocationReport	Viewer	Direct assignment to SecurityAssignmentsScopedAtLocationReport as Viewer.
Direct	Pages and Reports (User Interface)	UserAttributeChanges	Viewer	Direct assignment to UserAttributeChanges as Viewer.
Direct	Pages and Reports (User Interface)	UsersNeverLoggedIn	Viewer	Direct assignment to UsersNeverLoggedIn as Viewer.
Direct	Pages and Reports (User Interface)	UsersPasswordNeverExpires	Viewer	Direct assignment to UsersPasswordNeverExpires as Viewer.
Direct	Pages and Reports (User Interface)	View All Tasks	Viewer	Direct assignment to View All Tasks as Viewer.
Direct	Pages and Reports (User Interface)	WhitePages.aspx	Viewer	Direct assignment to WhitePages.aspx as Viewer.
Direct	Pages and Reports (User Interface)	WorkflowsByInitiator	Viewer	Direct assignment to WorkflowsByInitiator as Viewer.
Direct	Workflow	AccountJoinToPerson	Initiator	Direct assignment to AccountJoinToPerson as Initiator.
Direct	Workflow	AccountRequest	Initiator	Direct assignment to AccountRequest as Initiator.
Direct	Workflow	AccountRequestAdvanced	Initiator	Direct assignment to AccountRequestAdvanced as Initiator.
Direct	Workflow	AccountRequestwithGroup	Initiator	Direct assignment to AccountRequestwithGroup as Initiator.
Direct	Workflow	AccountUnjoinPerson	Initiator	Direct assignment to AccountUnjoinPerson as Initiator.
Direct	Workflow	AddAccountsToGroups	Initiator	Direct assignment to AddAccountsToGroups as Initiator.
Direct	Workflow	AddExchangeMailboxAddress	Initiator	Direct assignment to AddExchangeMailboxAddress as Initiator.
Direct	Workflow	AddGroupResourceRole	Initiator	Direct assignment to AddGroupResourceRole as Initiator.
Direct	Workflow	AddGroupsToGroups	Initiator	Direct assignment to AddGroupsToGroups as Initiator.
Direct	Workflow	AddPeopleToGroups	Initiator	Direct assignment to AddPeopleToGroups as Initiator.
Direct	Workflow	AddPersonOrgZoneResourceTypeRole	Initiator	Direct assignment to AddPersonOrgZoneResourceTypeRole as Initiator.
Direct	Workflow	AddPersonResourceRole	Initiator	Direct assignment to AddPersonResourceRole as Initiator.
Direct	Workflow	AddRbacAssignmentToManagementRole	Initiator	Direct assignment to AddRbacAssignmentToManagementRole as Initiator.
Direct	Workflow	AddRbacResourceRoleAssignment	Initiator	Direct assignment to AddRbacResourceRoleAssignment as Initiator.
Direct	Workflow	AddResourceOrgZone	Initiator	Direct assignment to AddResourceOrgZone as Initiator.
Direct	Workflow	AssetAccessRequest	Initiator	Direct assignment to AssetAccessRequest as Initiator.
Direct	Workflow	AssetAccessRequestSelfService	Initiator	Direct assignment to AssetAccessRequestSelfService as Initiator.
Direct	Workflow	AssetProvision	Initiator	Direct assignment to AssetProvision as Initiator.
Direct	Workflow	AssetProvisionSelfService	Initiator	Direct assignment to AssetProvisionSelfService as Initiator.
Direct	Workflow	AssignAssetToPerson	Initiator	Direct assignment to AssignAssetToPerson as Initiator.
Direct	Workflow	AssignGroupOrgRoleOrgZone	Initiator	Direct assignment to AssignGroupOrgRoleOrgZone as Initiator.
Direct	Workflow	AssignGroupResourceRole	Initiator	Direct assignment to AssignGroupResourceRole as Initiator.
Direct	Workflow	AssignManagementRolesMultiResourcesMultiActors	Initiator	Direct assignment to AssignManagementRolesMultiResourcesMultiActors as Initiator.
Direct	Workflow	AssignOrgRoleOrgZone	Initiator	Direct assignment to AssignOrgRoleOrgZone as Initiator.
Direct	Workflow	AssignOrgRoleOrgZoneResourceRole	Initiator	Direct assignment to AssignOrgRoleOrgZoneResourceRole as Initiator.
Direct	Workflow	AssignPersonOrgRoleOrgZone	Initiator	Direct assignment to AssignPersonOrgRoleOrgZone as Initiator.
Direct	Workflow	AssignPersonResourceRole	Initiator	Direct assignment to AssignPersonResourceRole as Initiator.
Direct	Workflow	AssignSecondaryBusinessRoleandLocationSimpleUI	Initiator	Direct assignment to AssignSecondaryBusinessRoleandLocationSimpleUI as Initiator.
Direct	Workflow	AssignTokenToPerson	Initiator	Direct assignment to AssignTokentoPerson as Initiator.
Direct	Workflow	AuthenticationLevel2OATHLogin	Initiator	Direct assignment to AuthenticationLevel2OATHLogin as Initiator.
Direct	Workflow	Bulk Create People From Accounts	Initiator	Direct assignment to Bulk Create People From Accounts as Initiator.
Direct	Workflow	BulkAddRemoveExchangeMailboxEmailAddresses	Initiator	Direct assignment to BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
Direct	Workflow	BulkChangePrimaryBusinessRoleAndLocationNonUI	Initiator	Direct assignment to BulkChangePrimaryBusinessRoleAndLocationNonUI as Initiator.
Direct	Workflow	BulkCreatePeople	Initiator	Direct assignment to BulkCreatePeople as Initiator.
Direct	Workflow	BulkHideInGAL	Initiator	Direct assignment to BulkHideInGAL as Initiator.
Direct	Workflow	BulkMailenableGroup	Initiator	Direct assignment to BulkMailenableGroup as Initiator.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to ChangePassword as Initiator.
Direct	Workflow	ChangePrimaryBusinessRoleLocationSimpleUI	Initiator	Direct assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
Direct	Workflow	ChangePrimaryOrgRoleOrgZone	Initiator	Direct assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
Direct	Workflow	ClaimAccount	Initiator	Direct assignment to ClaimAccount as Initiator.
Direct	Workflow	ClaimPasswordVaultAccount	Initiator	Direct assignment to ClaimPasswordVaultAccount as Initiator.
Direct	Workflow	CopyUser	Initiator	Direct assignment to CopyUser as Initiator.
Direct	Workflow	CreateADGroup	Initiator	Direct assignment to CreateADGroup as Initiator.
Direct	Workflow	CreateBusinessRole	Initiator	Direct assignment to CreateBusinessRole as Initiator.
Direct	Workflow	CreateEquipment	Initiator	Direct assignment to CreateEquipment as Initiator.
Direct	Workflow	CreateExchangeMailbox	Initiator	Direct assignment to CreateExchangeMailbox as Initiator.
Direct	Workflow	CreateGroup	Initiator	Direct assignment to CreateGroup as Initiator.
Direct	Workflow	CreateLocation	Initiator	Direct assignment to CreateLocation as Initiator.
Direct	Workflow	CreateOU	Initiator	Direct assignment to CreateOU as Initiator.
Direct	Workflow	CreatePeopleFromFile	Initiator	Direct assignment to CreatePeopleFromFile as Initiator.
Direct	Workflow	CreatePersonAndAccount	Initiator	Direct assignment to CreatePersonAndAccount as Initiator.
Direct	Workflow	CreatePersonFromAccount	Initiator	Direct assignment to CreatePersonFromAccount as Initiator.
Direct	Workflow	CreatePersonSimple	Initiator	Direct assignment to CreatePersonSimple as Initiator.
Direct	Workflow	CreatePersonSuperSimple	Initiator	Direct assignment to CreatePersonSuperSimple as Initiator.
Direct	Workflow	CreateResourceMailbox	Initiator	Direct assignment to CreateResourceMailbox as Initiator.
Direct	Workflow	CreateTOTPToken	Initiator	Direct assignment to CreateTOTPToken as Initiator.
Direct	Workflow	CreateUser	Initiator	Direct assignment to CreateUser as Initiator.
Direct	Workflow	CreateUserAccount	Initiator	Direct assignment to CreateUserAccount as Initiator.
Direct	Workflow	CreateUserAndMailbox	Initiator	Direct assignment to CreateUserAndMailbox as Initiator.
Direct	Workflow	CreateUserHomeFolder	Initiator	Direct assignment to CreateUserHomeFolder as Initiator.
Direct	Workflow	CreateUserMailbox	Initiator	Direct assignment to CreateUserMailbox as Initiator.
Direct	Workflow	DeleteAccount	Initiator	Direct assignment to DeleteAccount as Initiator.
Direct	Workflow	DeleteComputer	Initiator	Direct assignment to DeleteComputer as Initiator.
Direct	Workflow	DeleteExchangeMailboxAddress	Initiator	Direct assignment to DeleteExchangeMailboxAddress as Initiator.
Direct	Workflow	DeleteGroup	Initiator	Direct assignment to DeleteGroup as Initiator.
Direct	Workflow	DeleteMailbox	Initiator	Direct assignment to DeleteMailbox as Initiator.
Direct	Workflow	DeleteOUAndItsChildObjects	Initiator	Direct assignment to DeleteOUAndItsChildObjects as Initiator.
Direct	Workflow	DisableAccount	Initiator	Direct assignment to DisableAccount as Initiator.
Direct	Workflow	DisableAutoAccept	Initiator	Direct assignment to DisableAutoAccept as Initiator.
Direct	Workflow	DisableComputer	Initiator	Direct assignment to DisableComputer as Initiator.
Direct	Workflow	DisableMailbox	Initiator	Direct assignment to DisableMailbox as Initiator.
Direct	Workflow	DisableOWA	Initiator	Direct assignment to DisableOWA as Initiator.
Direct	Workflow	DisableWireless	Initiator	Direct assignment to DisableWireless as Initiator.
Direct	Workflow	EditAcceptMessagesFrom	Initiator	Direct assignment to EditAcceptMessagesFrom as Initiator.
Direct	Workflow	EditAccount	Initiator	Direct assignment to EditAccount as Initiator.
Direct	Workflow	EditADUserHomeFolder	Initiator	Direct assignment to EditADUserHomeFolder as Initiator.
Direct	Workflow	EditAttestationPolicyNoUI	Initiator	Direct assignment to EditAttestationPolicyNoUI as Initiator.
Direct	Workflow	EditBulkAccount	Initiator	Direct assignment to EditBulkAccount as Initiator.
Direct	Workflow	EditExchangeMailboxAddress	Initiator	Direct assignment to EditExchangeMailboxAddress as Initiator.
Direct	Workflow	EditGroup	Initiator	Direct assignment to EditGroup as Initiator.
Direct	Workflow	EditMailbox	Initiator	Direct assignment to EditMailbox as Initiator.
Direct	Workflow	EditMailForwarding	Initiator	Direct assignment to EditMailForwarding as Initiator.
Direct	Workflow	EditOrgZoneResourceTypeRoleTimeConstraint	Initiator	Direct assignment to EditOrgZoneResourceTypeRoleTimeConstraint as Initiator.
Direct	Workflow	EditOU	Initiator	Direct assignment to EditOU as Initiator.
Direct	Workflow	EditPasswordVaultAccount	Initiator	Direct assignment to EditPasswordVaultAccount as Initiator.
Direct	Workflow	EditPerson	Initiator	Direct assignment to EditPerson as Initiator.
Direct	Workflow	EditPersonDemographics	Initiator	Direct assignment to EditPersonDemographics as Initiator.
Direct	Workflow	EditRejectMessagesFrom	Initiator	Direct assignment to EditRejectMessagesFrom as Initiator.
Direct	Workflow	EditSeparationOfDutiesPolicyNoUI	Initiator	Direct assignment to EditSeparationOfDutiesPolicyNoUI as Initiator.
Direct	Workflow	EditSharePointPersonProfile	Initiator	Direct assignment to EditSharePointPersonProfile as Initiator.
Direct	Workflow	EditSMTPAddresses	Initiator	Direct assignment to EditSMTPAddresses as Initiator.
Direct	Workflow	EditUserDemographics	Initiator	Direct assignment to EditUserDemographics as Initiator.
Direct	Workflow	EditVisibilityRBACObjectFilter	Initiator	Direct assignment to EditVisibilityRBACObjectFilter as Initiator.
Direct	Workflow	EnableAccount	Initiator	Direct assignment to EnableAccount as Initiator.
Direct	Workflow	EnableAutoAccept	Initiator	Direct assignment to EnableAutoAccept as Initiator.
Direct	Workflow	EnableComputer	Initiator	Direct assignment to EnableAutoAccept as Initiator.
Direct	Workflow	EnableMailboxWithBasicQuota	Initiator	Direct assignment to EnableMailboxWithBasicQuota as Initiator.
Direct	Workflow	EnableMailboxWithCorpQuota	Initiator	Direct assignment to EnableMailboxWithCorpQuota as Initiator.
Direct	Workflow	EnableOWA	Initiator	Direct assignment to EnableOWA as Initiator.
Direct	Workflow	EnableWireless	Initiator	Direct assignment to EnableWireless as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Enroll as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Enrollment as Initiator.
Direct	Workflow	GetAndUpdateProfileWF	Initiator	Direct assignment to GetAndUpdateProfileWF as Initiator.
Direct	Workflow	HelpdeskAccountUnlock	Initiator	Direct assignment to HelpdeskAccountUnlock as Initiator.
Direct	Workflow	HelpdeskPasswordReset	Initiator	Direct assignment to HelpdeskPasswordReset as Initiator.
Direct	Workflow	HelpdeskSendOTP	Initiator	Direct assignment to HelpdeskSendOTP as Initiator.
Direct	Workflow	HideDLFromGAL	Initiator	Direct assignment to HideDLFromGAL as Initiator.
Direct	Workflow	HideMailbox	Initiator	Direct assignment to HideMailbox as Initiator.
Direct	Workflow	ImportOathTokens	Initiator	Direct assignment to ImportOathTokens as Initiator.
Direct	Workflow	JoinAccountToPerson	Initiator	Direct assignment to JoinAccountToPerson as Initiator.
Direct	Workflow	LaptopAssetAssignment	Initiator	Direct assignment to LaptopAssetAssignment as Initiator.
Direct	Workflow	LaptopAssetProvision	Initiator	Direct assignment to LaptopAssetProvision as Initiator.
Direct	Workflow	LaptopAssetRegistration	Initiator	Direct assignment to LaptopAssetRegistration as Initiator.
Direct	Workflow	LDAPCreateAccount	Initiator	Direct assignment to LDAPCreateAccount as Initiator.
Direct	Workflow	LDAPCreateGroup	Initiator	Direct assignment to LDAPCreateAccount as Initiator.
Direct	Workflow	LDAPCreateOU	Initiator	Direct assignment to LDAPCreateAccount as Initiator.
Direct	Workflow	Login	Initiator	Direct assignment to Login as Initiator.
Direct	Workflow	MailboxSizeDecrease	Initiator	Direct assignment to MailboxSizeDecrease as Initiator.
Direct	Workflow	MailboxSizeIncrease	Initiator	Direct assignment to MailboxSizeIncrease as Initiator.
Direct	Workflow	MailDisableAccount	Initiator	Direct assignment to MailDisableAccount as Initiator.
Direct	Workflow	MailDisableGroup	Initiator	Direct assignment to MailDisableGroup as Initiator.
Direct	Workflow	MailEnableAccount	Initiator	Direct assignment to MailEnableAccount as Initiator.
Direct	Workflow	MailEnableGroup	Initiator	Direct assignment to MailEnableGroup as Initiator.
Direct	Workflow	Move Computer	Initiator	Direct assignment to Move Computer as Initiator.
Direct	Workflow	MoveGroup	Initiator	Direct assignment to MoveGroup as Initiator.
Direct	Workflow	MoveMailbox	Initiator	Direct assignment to MoveMailbox as Initiator.
Direct	Workflow	MovePeopleFromOrgRoleOrgZoneToAnother	Initiator	Direct assignment to MovePeopleFromOrgRoleOrgZoneToAnother as Initiator.
Direct	Workflow	OrgRoleEdit	Initiator	Direct assignment to OrgRoleEdit as Initiator.
Direct	Workflow	PasswordExpirationNotification	Initiator	Direct assignment to PasswordExpirationNotification as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to PasswordResetCenter as Initiator.
Direct	Workflow	PasswordCenterOTP	Initiator	Direct assignment to PasswordCenterOTP as Initiator.
Direct	Workflow	PersonAttributeDefaultValueEditNonResourceManager	Initiator	Direct assignment to PersonAttributeDefaultValueEditNonResourceManager as Initiator.
Direct	Workflow	PersonEdit	Initiator	Direct assignment to PersonEdit as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct assignment to PersonEditNonResourceManager as Initiator.
Direct	Workflow	PersonNew	Initiator	Direct assignment to PersonNew as Initiator.
Direct	Workflow	PersonPhotoApproval	Initiator	Direct assignment to PersonPhotoApproval as Initiator.
Direct	Workflow	ProfileManager	Initiator	Direct assignment to ProfileManager as Initiator.
Direct	Workflow	ProvisionAssetTypeRequest	Initiator	Direct assignment to ProvisionAssetTypeRequest as Initiator.
Direct	Workflow	ProvisionAttestationPolicy	Initiator	Direct assignment to ProvisionAttestationPolicy as Initiator.
Direct	Workflow	ProvisionCatalogRequest	Initiator	Direct assignment to ProvisionCatalogRequest as Initiator.
Direct	Workflow	ProvisionComputer	Initiator	Direct assignment to ProvisionComputer as Initiator.
Direct	Workflow	ProvisionSeparationOfDuties	Initiator	Direct assignment to ProvisionSeparationOfDuties as Initiator.
Direct	Workflow	ProvisionVisibilityRBACObjectFilter	Initiator	Direct assignment to ProvisionVisibilityRBACObjectFilter as Initiator.
Direct	Workflow	ProvisionVisibilityRBACObjectSelectColumn	Initiator	Direct assignment to ProvisionVisibilityRBACObjectSelectColumn as Initiator.
Direct	Workflow	ReinstateExchangeMailbox	Initiator	Direct assignment to ReinstateExchangeMailbox as Initiator.
Direct	Workflow	RemoveAccountsFromGroups	Initiator	Direct assignment to RemoveAccountsFromGroups as Initiator.
Direct	Workflow	RemoveGroupAccount	Initiator	Direct assignment to RemoveGroupAccount as Initiator.
Direct	Workflow	RemoveGroupOrgRoleOrgZone	Initiator	Direct assignment to RemoveGroupOrgRoleOrgZone as Initiator.
Direct	Workflow	RemoveGroupResourceRoleNoUI	Initiator	Direct assignment to RemoveGroupResourceRoleNoUI as Initiator.
Direct	Workflow	RemoveGroupsFromGroup	Initiator	Direct assignment to RemoveGroupsFromGroup as Initiator.
Direct	Workflow	RemoveOrgRoleOrgZoneFromGroups	Initiator	Direct assignment to RemoveOrgRoleOrgZoneFromGroups as Initiator.
Direct	Workflow	RemovePersonOrgRoleOrgZone	Initiator	Direct assignment to RemovePersonOrgRoleOrgZone as Initiator.
Direct	Workflow	RemovePersonOrgRoleOrgZoneNoUI	Initiator	Direct assignment to RemovePersonOrgRoleOrgZoneNoUI as Initiator.
Direct	Workflow	RemovePersonResourceRoleNoUI	Initiator	Direct assignment to RemovePersonResourceRoleNoUI as Initiator.
Direct	Workflow	RemoveRbacAssignmentFromManagementRole	Initiator	Direct assignment to RemoveRbacAssignmentFromManagementRole as Initiator.
Direct	Workflow	RemoveRbacResourceRoleAssignment	Initiator	Direct assignment to RemoveRbacResourceRoleAssignment as Initiator.
Direct	Workflow	RemoveRbacResourceRoleAssignmentAsActor	Initiator	Direct assignment to RemoveRbacResourceRoleAssignmentAsActor as Initiator.
Direct	Workflow	RemoveResourceFromOrgZone	Initiator	Direct assignment to RemoveResourceFromOrgZone as Initiator.
Direct	Workflow	RemoveResourceOrgZoneNoUI	Initiator	Direct assignment to RemoveResourceOrgZoneNoUI as Initiator.
Direct	Workflow	ResetComputer	Initiator	Direct assignment to ResetComputer as Initiator.
Direct	Workflow	ResetAccountPassword	Initiator	Direct assignment to ResetAccountPassword as Initiator.
Direct	Workflow	ResetPassword	Initiator	Direct assignment to ResetPassword as Initiator.
Direct	Workflow	ResetPasswordVaultAccountPassword	Initiator	Direct assignment to ResetPasswordVaultAccountPassword as Initiator.
Direct	Workflow	Resource Manager Delete Person	Initiator	Direct assignment to Resource Manager Delete Person as Initiator.
Direct	Workflow	Resource Manager Update Computer	Initiator	Direct assignment to Resource Manager Update Computer as Initiator.
Direct	Workflow	Resource Manager Update OrgZone	Initiator	Direct assignment to Resource Manager Update OrgZone as Initiator.
Direct	Workflow	Resource Manager Update Person	Initiator	Direct assignment to Resource Manager Update Person as Initiator.
Direct	Workflow	ResourceEntitlementEditNonResourceManager	Initiator	Direct assignment to ResourceEntitlementEditNonResourceManager as Initiator.
Direct	Workflow	ResourceManagerAccountDelete	Initiator	Direct assignment to ResourceManagerAccountDelete as Initiator.
Direct	Workflow	ResourceManagerAccountUpdate	Initiator	Direct assignment to ResourceManagerAccountUpdate as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct assignment to ResourceManagerEditGroup as Initiator.
Direct	Workflow	ResourceManagerUpdateMailbox	Initiator	Direct assignment to ResourceManagerUpdateMailbox as Initiator.
Direct	Workflow	RestoreDeletedAccount	Initiator	Direct assignment to RestoreDeletedAccount as Initiator.
Direct	Workflow	RevokeResourceRoleNoUI	Initiator	Direct assignment to RevokeResourceRoleNoUI as Initiator.
Direct	Workflow	SelfServiceAccountJoinGroup	Initiator	Direct assignment to SelfServiceAccountJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonJoinGroup	Initiator	Direct assignment to SelfServicePersonJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonLeaveGroup	Initiator	Direct assignment to SelfServicePersonLeaveGroup as Initiator.
Direct	Workflow	SetAsPrimaryExchangeMailboxAddress	Initiator	Direct assignment to SetAsPrimaryExchangeMailboxAddress as Initiator.
Direct	Workflow	SetUserManager	Initiator	Direct assignment to SetUserManager as Initiator.
Direct	Workflow	ShowDLInGAL	Initiator	Direct assignment to ShowDLInGAL as Initiator.
Direct	Workflow	ShowMailbox	Initiator	Direct assignment to ShowMailbox as Initiator.
Direct	Workflow	SubmitSingleAttestationResponse	Initiator	Direct assignment to SubmitSingleAttestationResponse as Initiator.
Direct	Workflow	SubmitSingleSodViolationResponse	Initiator	Direct assignment to SubmitSingleSodViolationResponse as Initiator.
Direct	Workflow	TerminatePerson	Initiator	Direct assignment to TerminatePerson as Initiator.
Direct	Workflow	UnenrollPerson	Initiator	Direct assignment to UnenrollPerson as Initiator.
Direct	Workflow	UnlockAccount	Initiator	Direct assignment to UnlockAccount as Initiator.
Direct	Workflow	UnlockFromRecoveryCenter	Initiator	Direct assignment to UnlockFromRecoveryCenter as Initiator.
Direct	Workflow	UnlockPersonAndAccounts	Initiator	Direct assignment to UnlockPersonAndAccounts as Initiator.
Direct	Workflow	UpdateDirectAssignmentTimeConstraint	Initiator	Direct assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
Direct	Workflow	UpdateGroupAccountMembership	Initiator	Direct assignment to UpdateGroupAccountMembership as Initiator.
Direct	Workflow	UpdateGroupBusinessRoles	Initiator	Direct assignment to UpdateGroupBusinessRoles as Initiator.
Direct	Workflow	UpdateManagementRoleAssignments	Initiator	Direct assignment to UpdateManagementRoleAssignments as Initiator.
Direct	Workflow	UpdateOrgRoleListAsSuggestedOrgZones	Initiator	Direct assignment to UpdateOrgRoleListAsSuggestedOrgZones as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZoneGroups	Initiator	Direct assignment to UpdateOrgRoleOrgZoneGroups as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZonePasswordManagerPolicyID	Initiator	Direct assignment to UpdateOrgRoleOrgZonePasswordManagerPolicyID as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZonePeople	Initiator	Direct assignment to UpdateOrgRoleOrgZonePeople as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZoneProfileManagerPolicyID	Initiator	Direct assignment to UpdateOrgRoleOrgZoneProfileManagerPolicyID as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZoneSetGroupID	Initiator	Direct assignment to UpdateOrgRoleOrgZoneSetGroupID as Initiator.
Direct	Workflow	UpdateOrgRoleOrgZoneSetGroups	Initiator	Direct assignment to UpdateOrgRoleOrgZoneSetGroups as Initiator.
Direct	Workflow	UpdatePasswordManagerPolicyAssignments	Initiator	Direct assignment to UpdatePasswordManagerPolicyAssignments as Initiator.
Direct	Workflow	UpdateProtectedApplications	Initiator	Direct assignment to UpdateProtectedApplications as Initiator.
Direct	Workflow	UpdateResourceAssignments	Initiator	Direct assignment to UpdateResourceAssignments as Initiator.
Direct	Workflow	UpdateResourceAssignmentsByResource	Initiator	Direct assignment to UpdateResourceAssignmentsByResource as Initiator.
Direct	Workflow	UpdateResourceTypeRoleOperations	Initiator	Direct assignment to UpdateResourceTypeRoleOperations as Initiator.
Direct	Workflow	UpdateResourceTypeRoleRights	Initiator	Direct assignment to UpdateResourceTypeRoleRights as Initiator.
Direct	Workflow	UpdateSSOApplication	Initiator	Direct assignment to UpdateSSOApplication as Initiator.
Direct	Workflow	UpdateSSOApplicationDefinition	Initiator	Direct assignment to UpdateSSOApplicationDefinition as Initiator.
Direct	Workflow	ViewPerson	Initiator	Direct assignment to ViewPerson as Initiator.

Enterprise IT Helpdesk

Users with this Management Role have enterprise-wide ability to perform limited management of users, people and groups.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Person	N/A	Help Desk	Assignment to any Person as Help Desk scoped at Anywhere
Scoped At Location	User Account	N/A	Help Desk	Assignment to any User Account as Help Desk scoped at Anywhere.
Direct	Control (User Interface)	Resource Manager: Access Granted To Account	Viewer	Direct assignment to Resource Manager: Access Granted To Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Group	Viewer	Direct assignment to Resource Manager: Access Granted To Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Person	Viewer	Assignment to Resource Manager:Access Granted To Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Account Resultant Set Of Resource Roles	Viewer	Assignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Audit History By Person	Viewer	Direct assignment to Resource Manager: Audit History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Enforcement	Viewer	Direct assignment to Resource Manager: Enforcement as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account	Viewer	Direct assignment to Resource Manager: Group Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Account	Viewer	Direct assignment to Resource Manager: Group Account History By Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Group	Viewer	Direct Assignment to Resource Manager: Group Account History By Group.
Direct	Control (User Interface)	Resource Manager: Group Account History By Person	Viewer	Direct assignment to Resource Manager: Group Account History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Group Membership	Viewer	Direct assignment to Resource Manager: Group Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Resultant Set of Resource Roles	Viewer	Direct assignment to Resource Manager: Group Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Account	Viewer	Direct assignment to Resource Manager: Person Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Business Roles	Viewer	Direct assignment to Resource Manager: Person Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Group Membership	Viewer	Direct assignment to Resource Manager: Person Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Resultant Set Of Resource Roles	Viewer	Assignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Security	Viewer	Direct assignment to Resource Manager: Security as Viewer.
Direct	Control (User Interface)	Windows File Share Resource Type dropdown item	Viewer	Direct assignment to Windows File Share Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Windows Print Share Resource Type dropdown item	Viewer	Direct assignment to Windows Print Share Resource Type dropdown item as Viewer.
Direct	Pages and Reports (User Interface)	AccountManager.aspx	Viewer	Direct assignment to AccountManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	AccountsWithoutManager	Viewer	Direct assignment to AccountsWithoutManager as Viewer.
Direct	Pages and Reports (User Interface)	ActionsByPerson	Viewer	Direct assignment to ActionsByPerson as Viewer.
Direct	Pages and Reports (User Interface)	ActionsToPerson	Viewer	Direct assignment to ActionsToPerson as Viewer.
Direct	Pages and Reports (User Interface)	Addresses	Viewer	Direct assignment to Addresses as Viewer.
Direct	Pages and Reports (User Interface)	ChangeManager.aspx	Viewer	Direct assignment to ChangeManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	Delegations management page	Viewer	Direct assignment to Delegations management page as Viewer.
Direct	Pages and Reports (User Interface)	DeletedGroups	Viewer	Direct assignment to DeletedGroups as Viewer.
Direct	Pages and Reports (User Interface)	DeletedPeople	Viewer	Direct assignment to DeletedPeople as Viewer.
Direct	Pages and Reports (User Interface)	DeletedUsers	Viewer	Direct assignment to DeletedUsers as Viewer.
Direct	Pages and Reports (User Interface)	Directory Manager	Viewer	Direct assignment to Directory Manager as Viewer.
Direct	Pages and Reports (User Interface)	DisabledUsers	Viewer	Direct assignment to DisabledUsers as Viewer.
Direct	Pages and Reports (User Interface)	DomainControllers	Viewer	Direct assignment to DomainControllers as Viewer.
Direct	Pages and Reports (User Interface)	EmptyGroups	Viewer	Direct assignment to EmptyGroups as Viewer.
Direct	Pages and Reports (User Interface)	Find Computer Page	Viewer	Direct assignment to Find Computer Page as Viewer.
Direct	Pages and Reports (User Interface)	Find Group Page	Viewer	Direct assignment to Find Group Page as Viewer.
Direct	Pages and Reports (User Interface)	Find OrgRolOrgZone Page	Viewer	Direct assignment to Find OrgRoleOrgZone Page as Viewer.
Direct	Pages and Reports (User Interface)	Find ProtectedApplicationResourceApplication Page	Viewer	Direct assignment to Find ProtectedApplicationResourceApplication Page as Viewer.
Direct	Pages and Reports (User Interface)	Find User Account Page	Viewer	Direct assignment to Find User Account Page as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembersForGroup	Viewer	Direct assignment to GroupMembersForGroup as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChanges	Viewer	Direct assignment to GroupMembershipChanges as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipChangesHighSecurity	Viewer	Direct assignment to GroupMembershipChangesHighSecurity as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForAccount	Viewer	Direct assignment to GroupMembershipForAccount as Viewer.
Direct	Pages and Reports (User Interface)	GroupMembershipForPerson	Viewer	Direct assignment to GroupMembershipForPerson as Viewer.
Direct	Pages and Reports (User Interface)	Identity Manager	Viewer	Direct assignment to Identity Manager as Viewer.
Direct	Pages and Reports (User Interface)	LockedOutUsers	Viewer	Direct assignment to LockedOutUsers as Viewer.
Direct	Pages and Reports (User Interface)	LoginHistory	Viewer	Direct assignment to LoginHistory as Viewer.
Direct	Pages and Reports (User Interface)	LoginsByLocation	Viewer	Direct assignment to LoginsByLocation as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByAccount	Viewer	Direct assignment to MembershipChangesByAccount as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByGroup	Viewer	Direct assignment to MembershipChangesByGroup as Viewer.
Direct	Pages and Reports (User Interface)	MembershipChangesByPerson	Viewer	Direct assignment to MembershipChangesByPerson as Viewer.
Direct	Pages and Reports (User Interface)	OrphanAccountsByLocation	Viewer	Direct assignment to OrphanAccountsByLocation as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagementActivityByDate	Viewer	Direct assignment to PasswordManagementActivityByDate as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerEnrollment	Viewer	Direct assignment to PasswordManagerEnrollment as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerNotEnrolled	Viewer	Direct assignment to PasswordManagerNotEnrolled as Viewer.
Direct	Pages and Reports (User Interface)	PeopleByRoleandLocation	Viewer	Direct assignment to PeopleByRoleandLocationas Viewer.
Direct	Pages and Reports (User Interface)	PeopleByRoleReport	Viewer	Direct assignment to PeopleByRoleReport as Viewer.
Direct	Pages and Reports (User Interface)	PeopleWithoutAccounts	Viewer	Direct assignment to PeopleWithoutAccounts as Viewer.
Direct	Pages and Reports (User Interface)	PersonLoginHistory	Viewer	Direct assignment to PersonLoginHistory as Viewer.
Direct	Pages and Reports (User Interface)	PersonManager.aspx	Viewer	Direct assignment to PersonManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	PossibleStaleComputers	Viewer	Direct assignment to PossibleStaleComputers as Viewer.
Direct	Pages and Reports (User Interface)	ResourceRolesForPerson	Viewer	Direct assignment to ResourceRolesForPerson as Viewer.
Direct	Pages and Reports (User Interface)	UserAttributeChanges	Viewer	Direct assignment to UserAttributeChanges as Viewer.
Direct	Pages and Reports (User Interface)	UsersNeverLoggedIn	Viewer	Direct assignment to UsersNeverLoggedIn as Viewer.
Direct	Pages and Reports (User Interface)	UsersPasswordNeverExpires	Viewer	Direct assignment to UsersPasswordNeverExpires as Viewer.
Direct	Pages and Reports (User Interface)	WorkflowsByInitiator	Viewer	Direct assignment to WorkflowsByInitiator as Viewer.
Direct	Workflow	AccountRequest	Initiator	Direct assignment to AccountRequest as Initiator.
Direct	Workflow	AccountRequestAdvanced	Initiator	Direct assignment to AccountRequestAdvanced as Initiator.
Direct	Workflow	AccountRequestwithGroup	Initiator	Direct assignment to AccountRequestwithGroup as Initiator.
Direct	Workflow	AddAcountsToGroups	Initiator	Direct assignment to AddAccountsToGroups as Initiator.
Direct	Workflow	AddPeopleToGroups	Initiator	Direct assignment to AddPeopleToGroups as Initiator.
Direct	Workflow	Bulk Create People From Accounts	Initiator	Direct assignment to Bulk Create People From Accounts as Initiator.
Direct	Workflow	BulkCreatePeople	Initiator	Direct assignment to BulkCreatePeople as Initiator.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to ChangePassword as Initiator.
Direct	Workflow	CopyUser	Initiator	Direct assignment to CopyUser as Initiator.
Direct	Workflow	CreatePersonAndAccount	Initiator	Direct assignment to CreatePersonAndAccount as Initiator.
Direct	Workflow	CreatePersonSimple	Initiator	Direct assignment to CreatePersonSimple as Initiator.
Direct	Workflow	CreateUser	Initiator	Direct assignment to CreateUser as Initiator.
Direct	Workflow	CreateUserHomeFolder	Initiator	Direct assignment to CreateUserHomeFolder as Initiator.
Direct	Workflow	DeleteComputer	Initiator	Direct assignment to DeleteComputer as Initiator.
Direct	Workflow	DeleteOUAndItsChildObjects	Initiator	Direct assignment to DeleteOUAndItsChildObjects as Initiator.
Direct	Workflow	DisableAccount	Initiator	Direct assignment to DisableAccount as Initiator.
Direct	Workflow	DisableComputer	Initiator	Direct assignment to DisableComputer as Initiator.
Direct	Workflow	EditAccount	Initiator	Direct assignment to EditAccount as Initiator.
Direct	Workflow	EditADUserHomeFolder	Initiator	Direct assignment to EditADUserHomeFolder as Initiator.
Direct	Workflow	EditBulkAccount	Initiator	Direct assignment to EditBulkAccount as Initiator.
Direct	Workflow	EditGroup	Initiator	Direct assignment to EditGroup as Initiator.
Direct	Workflow	EditOU	Initiator	Direct assignment to EditOU as Initiator.
Direct	Workflow	EditPersonDemographics	Initiator	Direct assignment to EditPersonDemographics as Initiator.
Direct	Workflow	EditUserDemographics	Initiator	Direct assignment to EditUserDemographics as Initiator.
Direct	Workflow	EnableAccount	Initiator	Direct assignment to EnableAccount as Initiator.
Direct	Workflow	EnableComputer	Initiator	Direct assignment to EnableComputer as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Enroll as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Enrollment as Initiator.
Direct	Workflow	GetAndUpdateProfileWF	Initiator	Direct assignment to GetAndUpdateProfileWF as Initiator.
Direct	Workflow	HelpdeskAccountUnlock	Initiator	Direct assignment to HelpdeskAccountUnlock as Initiator.
Direct	Workflow	HelpdeskPasswordReset	Initiator	Direct assignment to HelpdeskPasswordReset as Initiator.
Direct	Workflow	HelpdeskSendOTP	Initiator	Direct assignment to HelpdeskSendOTP as Initiator.
Direct	Workflow	LaptopAssetAssignment	Initiator	Direct assignment to LaptopAssetAssignment as Initiator.
Direct	Workflow	LaptopAssetProvision	Initiator	Direct assignment to LaptopAssetProvision as Initiator.
Direct	Workflow	LaptopAssetRegistration	Initiator	Direct assignment to LaptopAssetRegistration as Initiator.
Direct	Workflow	Login	Initiator	Direct assignment to Login as Initiator.
Direct	Workflow	Move computer	Initiator	Direct assignment to Move Computer as Initiator.
Direct	Workflow	MoveGroup	Initiator	Direct assignment to MoveGroup as Initiator.
Direct	Workflow	PasswordExpirationNotification	Initiator	Direct assignment to PasswordExpirationNotification as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to PasswordResetCenter as Initiator.
Direct	Workflow	PasswordResetCenterOTP	Initiator	Direct assignment to PasswordResetCenterOTP as Initiator.
Direct	Workflow	PersonEdit	Initiator	Direct assignment to PersonEdit as Initiator.
Direct	Workflow	PersonNew	Initiator	Direct assignment to PersonNew as Initiator.
Direct	Workflow	ProfileManager	Initiator	Direct assignment to ProfileManager as Initiator.
Direct	Workflow	ProvisionComputer	Initiator	Direct assignment to ProvisionComputer as Initiator.
Direct	Workflow	RemoveAccountsFromGroups	Initiator	Direct assignment to RemoveAccountsFromGroups as Initiator.
Direct	Workflow	RemoveGroupAccount	Initiator	Direct assignment to RemoveGroupAccount as Initiator.
Direct	Workflow	Reset Computer	Initiator	Direct assignment to Reset Computer as Initiator.
Direct	Workflow	ResetAccountPassword	Initiator	Direct assignment to ResetAccountPassword as Initiator.
Direct	Workflow	ResetPassword	Initiator	Direct assignment to ResetPassword as Initiator.
Direct	Workflow	ResourceManagerAccountDelete	Initiator	Direct assignment to ResourceManagerAccountDelete as Initiator.
Direct	Workflow	ResourceManagerAccountUpdate	Initiator	Direct assignment to ResourceManagerAccountUpdate as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct assignment to ResourceManagerEditGroup as Initiator.
Direct	Workflow	RestoreDeletedAccount	Initiator	Direct assignment to RestoreDeletedAccount as Initiator.
Direct	Workflow	SelfServiceAccountJoinGroup	Initiator	Direct assignment to SelfServiceAccountJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonJoinGroup	Initiator	Direct assignment to SelfServicePersonJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonLeaveGroup	Initiator	Direct assignment to SelfServicePersonLeaveGroup as Initiator.
Direct	Workflow	TestDatasource	Initiator	Direct assignment to TestDatasource as Initiator.
Direct	Workflow	UnlockAccount	Initiator	Direct assignment to UnlockAccount as Initiator.
Direct	Workflow	UnlockFromRecoveryCenter	Initiator	Direct assignment to UnlockFromRecoveryCenter as Initiator.
Direct	Workflow	UnlockPersonAndAccounts	Initiator	Direct assignment to UnlockPersonAndAccounts as Initiator.
Direct	Workflow	ViewPerson	Initiator	Direct assignment to ViewPerson as Initiator.

Enterprise Password Administrator

Users with this Management Role have enterprise-wide ability to manage all user and person passwords.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Person	N/A	Password Reset and Unlock	Assignment to any Person as Password Reset and Unlock scoped at Anywhere
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Pages and Reports (User Interface)	Directory Manager	Viewer	Direct assignment to Directory Manager as Viewer.
Direct	Pages and Reports (User Interface)	DisabledUsers	Viewer	Direct assignment to DisabledUsers as Viewer.
Direct	Pages and Reports (User Interface)	HelpdeskView.aspx	Viewer	Direct assignment to HelpdeskView.aspx as Viewer.
Direct	Pages and Reports (User Interface)	Identity Manager	Viewer	Direct assignment to Identity Manager as Viewer.
Direct	Pages and Reports (User Interface)	LockedOutUsers	Viewer	Direct assignment to LockedOutUsers as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagementActivityByDate	Viewer	Direct assignment to PasswordManagementActivityByDate as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerEnrollment	Viewer	Direct assignment to PasswordManagerEnrollment as Viewer.
Direct	Pages and Reports (User Interface)	PasswordManagerNotEnrolled	Viewer	Direct assignment to PasswordManagerNotEnrolled as Viewer.
Direct	Pages and Reports (User Interface)	UsersPasswordNeverExpires	Viewer	Direct assignment to UsersPasswordNeverExpires as Viewer.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to ChangePassword as Initiator.
Direct	Workflow	CreateTOTPToken	Initiator	Direct assignment to CreateTOTPToken as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Enroll as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Enrollment as Initiator.
Direct	Workflow	HelpdeskAccountUnlock	Initiator	Direct assignment to HelpdeskAccountUnlock as Initiator.
Direct	Workflow	HelpdeskPasswordReset	Initiator	Direct assignment to HelpdeskPasswordReset as Initiator.
Direct	Workflow	HelpdeskSendOTP	Initiator	Direct assignment to HelpdeskSendOTP as Initiator.
Direct	Workflow	PasswordExpirationNotification	Initiator	Direct assignment to PasswordExpirationNotification as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to PasswordResetCenter as Initiator.
Direct	Workflow	PasswordResetCenterOTP	Initiator	Direct assignment to PasswordResetCenterOTP as Initiator.
Direct	Workflow	ResetAccountPassword	Initiator	Direct assignment to ResetAccountPassword as Initiator.
Direct	Workflow	ResetPassword	Initiator	Direct assignment to ResetPassword as Initiator.
Direct	Workflow	UnenrollPerson	Initiator	Direct assignment to UnenrollPerson as Initiator.
Direct	Workflow	UnlockFromRecoveryCenter	Initiator	Direct assignment to UnlockFromRecoveryCenter as Initiator.

Enterprise RBAC Policy Author

Users with this Management Role have the ability to author RBAC policies and delegations.

This Management Role allows assignees to create, edit and delete Management Roles and define the Resources Roles they grant. It is not intended for use in assigning people to Management Roles.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Access Request	N/A	Access Manager	Assignment to any Access Request as Access Manager scoped at Anywhere.
Scoped At Location	Alert	N/A	Access Manager	Assignment to any Alert as Access Manager scoped at EmpowerID System.
Scoped At Location	Application	N/A	Access Manager	Assignment to any Application as Access Manager scoped at EmpoewrID system.
Scoped At Location	Approval Routing Group	N/A	Access Manager	Assignment to any Approval Routing Group as Access Manager scoped at EmpowerID System.
Scoped At Location	Asset Request	N/A	Access Manager	Assignment to any Asset Request as Access Manager scoped at Anywhere.
Scoped At Location	Audit	N/A	Access Manager	Assignment to any Audit as Access Manager scoped at EmpowerID System.
Scoped At Location	Business Role	N/A	Access Manager	Assignment to any Business Role as Access Manager scoped at EmpowerID System.
Scoped At Location	Computer	N/A	Access Manager	Assignment to any Computer as Access Manager scoped at Anywhere.
Scoped At Location	Control (User Interface)	N/A	Access Manager	Assignment to any Control (User Interface) as Access Manager scoped at EmpowerID System.
Scoped At Location	EmpowerID System	N/A	Access Manager	Assignment to any EmpowerID System as Access Manager scoped at EmpowerID System.
Scoped At Location	EmpowerID System	N/A	Access Manager	Assignment to any EmpowerID System as Access Manager scoped at Anywhere.
Scoped At Location	Exchange Contact	N/A	Access Manager	Assignment to any Exchange Contact as Access Manager scoped at Anywhere.
Scoped At Location	Exchange Mailbox	N/A	Access Manager	Assignment to any Exchange Mailbox as Access Manager scoped at Anywhere.
Scoped At Location	Exchange Public Folder	N/A	Access Manager	Assignment to any Exchange Public Folder as Access Manager scoped at Anywhere.
Scoped At Location	External Credential	N/A	Access Manager	Assignment to any External Credential as Access Manager scoped at Anywhere.
Scoped At Location	Folder (Shared)	N/A	Access Manager	Assignment to any Folder (Shared) as Access Manager scoped at Anywhere.
Scoped At Location	Generic Asset	N/A	Access Manager	Assignment to any Generic Asset as Access Manager scoped at Anywhere.
Scoped At Location	Generic Asset (AD Protected)	N/A	Access Manager	Assignment to any Generic Asset (AD Protected) as Access Manager scoped at Anywhere.
Scoped At Location	Group (Generic)	N/A	Access Manager	Assignment to any Group (Generic) as Access Manager scoped at Anywhere.
Scoped At Location	Group (Security)	N/A	Access Manager	Assignment to any Group (Security) as Access Manager scoped at Anywhere.
Scoped At Location	Location	N/A	Access Manager	Assignment to any Location as Access Manager scoped at EmpowerID System.
Scoped At Location	Lync User	N/A	Access Manager	Assignment to any Lync User as Access Manager scoped at Anywhere.
Scoped At Location	Management Role	N/A	Access Manager	Assignment to any Management Role as Access Manager scoped at EmpowerID System.
Scoped At Location	Management Role	N/A	Administrator	Assignment to any Management Role as Administrator scoped at Anywhere.
Scoped At Location	Management Role Definition	N/A	Access Manager	Assignment to any Management Role Definition as Access Manager scoped at EmpowerID System.
Scoped At Location	Organization	N/A	Access Manager	Assignment to any Person as Access Manager scoped at EmpowerID System.
Scoped At Location	Pages and Reports	N/A	Access Manager	Assignment to Pages and Reports as Access Manager scoped at EmpowerID System.
Scoped At Location	Person	N/A	Resource Role Assigne	Assignment to any Person as Access Manager scoped at EmpowerID System.
Scoped At Location	Printer (Shared)	N/A	Access Manager	Assignment to any Printer (Shared) as Access Manager scoped at Anywhere.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	Access Manager	Assignment to any Query-Based Collection (SetGroup) as Access Manager scoped at EmpowerID System.
Scoped At Location	Separation of Duties Policy	N/A	Access Manager	Assignment to any Separation of Duties Policy as Access Manager scoped at Anywhere.
Scoped At Location	SSO Application	N/A	Access Manager	Assignment to any SSO Application as Access Manager scoped at EmpowerID System.
Scoped At Location	SSO Application Definition	N/A	Access Manager	Assignment to any SSO Application Definition as Access Manager scoped at EmpowerID System.
Scoped At Location	SSO SAML Connection	N/A	Access Manager	Assignment to any SSO SAML Connection as Access Manager scoped at EmpowerID System.
Scoped At Location	SSO WS-Federation Connection	N/A	Access Manager	Assignment to any SSO WS-Federation Connection as Access Manager scoped at EmpowerID System.
Scoped At Location	User Account	N/A	Access Manager	Assignment to any User Account as Access Manager scoped at EmpowerID System.
Scoped At Location	Web Service	N/A	Access Manager	Assignment to any Web Service as Access Manager scoped at EmpowerID System.
Scoped At Location	Workflow	N/A	Access Manager	Assignment to any Workflow as Access Manager scoped at EmpowerID System.
Direct	Control (User Interface)	Resource Manager: Management Role Assignees	Viewer	Direct assignment to Resource Manager: Management Role Assignees as Viewer.
Direct	Control (User Interface)	Resource Manager: Directly Assigned Locations	Viewer	Direct assignment to Resource Manager: Directly Assigned Locations as Viewer
Direct	Control (User Interface)	Management Role Resource Type dropdown item	Viewer	Direct assignment to Management Role Resource Type dropdown as Viewer
Direct	Control (User Interface)	Resource Manager: Management Role Resource Role Assignments	Viewer	Direct assignment to Resource Manager: Management Role Resource Role Assignments as Viewer
Direct	Control (User Interface)	Resource Manager: Management Role Resultant Set of Resource Roles	Viewer	Direct assignment to Resource Manager: Management Role Resultant Set of Resource Roles as Viewer
Direct	Workflow	AddRbacAssignmentToManagementRole	Viewer	Direct assignment to AddRbacAssignmentToManagementRole as Initiator
Direct	Workflow	AddResourceOrgZone	Initiator	Direct assignment to AddResourceOrgZone as Initiator
Direct	Workflow	DeleteManagementRole	Viewer	Direct assignment to DeleteManagementRole as Initiator
Direct	Workflow	EditManagementRoleNoUI	Initiator	Direct assignment to EditManagementRoleNoUI as Initiator
Direct	Workflow	ProvisionManagementRole	Initiator	Direct assignment to ProvisionManagementRole as Initiator.
Direct	Workflow	RemoveRbacAssignmentFromManagementRole	Initiator	Direct assignment to RemoveRbacAssignmentFromManagementRole as Initiator.
Direct	Workflow	RemoveResourceFromOrgZone	Initiator	Direct assignment to RemoveResourceFromOrgZone as Initiator
Direct	Workflow	RemoveResourceOrgZoneNoUI	Initiator	Direct assignment to RemoveResourceOrgZoneNoUI as Initiator
Direct	Workflow	UpdateResourceAssignments	Initiator	Direct assignment to UpdateResourceAssignments as Initiator
Direct	Workflow	UpdateResourceAssignmentsByResource	Initiator	Direct assignment to UpdateResourceAssignmentsByResource as Initiator

Enterprise SharePoint Administrator

Users with this Management Role have enterprise-wide ability to manage all SharePoint webs and groups.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	SharePoint Group	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Group as All Access (EmpowerID Admin) scoped at All IT Systems.
Scoped At Location	SharePoint Web Site	N/A	All Access (EmpowerID Admin)	Assignment to any SharePoint Web Site as All Access (EmpowerID Admin) scoped at All IT Systems.
Direct	Control (User Interface)	AD Distribution Group Resource Type dropdown item	Viewer	Assignment to AD Distribution Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	AD Security Group Resource Type dropdown item	Viewer	Assignment to AD Security Group Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Deleted Groups	Viewer	Direct assignment to Deleted Groups as Viewer.
Direct	Control (User Interface)	Group Membership Change Log	Viewer	Assignment to Group Membership Change Log as Viewer.
Direct	Control (User Interface)	My Workspace: Service Catalog	Viewer	Direct assignment to My Workspace: Directory as Viewer.
Direct	Control (User Interface)	My Workspace: Colleagues	Viewer	Direct assignment to My Workspace: Colleagues as Viewer.
Direct	Control (User Interface)	My Workspace: Directory	Viewer	Direct assignment to My Workspace: Directory as Viewer.
Direct	Control (User Interface)	My Workspace: My Actions In Workflows	Viewer	Direct assignment to My Workspace: My Actions In Workflows as Viewer.
Direct	Control (User Interface)	My Workspace: My Business Roles	Viewer	Direct assignment to My Workspace: My Business Roles as Viewer.
Direct	Control (User Interface)	My Workspace: My Email Addresses	Viewer	Direct assignment to My Workspace: My Email Addresses as Viewer.
Direct	Control (User Interface)	My Workspace: My Login History	Viewer	Direct assignment to My Workspace: My Login History as Viewer.
Direct	Control (User Interface)	My Workspace: My Membership	Viewer	Direct assignment to My Workspace: My Membership as Viewer.
Direct	Control (User Interface)	My Workspace: My Membership Changes	Viewer	Direct assignment to My Workspace: My Membership Changes as Viewer.
Direct	Control (User Interface)	My Workspace: My Security Assignments	Viewer	Direct assignment to My Workspace: My Security Assignments as Viewer.
Direct	Control (User Interface)	My Workspace: My User Accounts	Viewer	Direct assignment to My Workspace: My User Accounts as Viewer.
Direct	Control (User Interface)	My Workspace: My Workflow Decisions	Viewer	Direct assignment to My Workspace: My Workflow Decisions as Viewer.
Direct	Control (User Interface)	My Workspace: Reports	Viewer	Direct assignment to My Workspace: Reports as Viewer.
Direct	Control (User Interface)	My Workspace: Task List	Viewer	Direct assignment to My Workspace: Task List as Viewer.
Direct	Control (User Interface)	Person Login History	Viewer	Direct assignment to Person Login History as Viewer.
Direct	Control (User Interface)	Recently Created Objects	Viewer	Direct assignment to Recently Created Objects as Viewer.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats asViewer.
Direct	Control (User Interface)	Resource Access Levels	Viewer	Direct assignment to Resource Access Levels as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Account	Viewer	Direct Assignment to Resource Manager: Access Granted To Account.
Direct	Control (User Interface)	Resource Manager:Access Granted To Group	Viewer	Assignment to Resource Manager:Access Granted To Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Person	Viewer	Direct assignment to Resource Manager: Access Granted To Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Account Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Audit History By Person	Viewer	Direct assignment to Resource Manager: Audit History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Directly Assigned Locations	Viewer	Assignment to Resource Manager: Directly Assigned Locations Resource Role Assignment as Viewer.
Direct	Control (User Interface)	Resource Manager: Email Addresses	Viewer	Direct assignment to Resource Manager: Email Addresses as Viewer.
Direct	Control (User Interface)	Resource Manager: Enforcement	Viewer	Direct assignment to Resource Manager: Enforcement as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account	Viewer	Direct assignment to Resource Manager: Group Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Account	Viewer	Assignment to Resource Manager: Group Account History By Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Group	Viewer	Assignment to Resource Manager: Group Account History By Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Person	Viewer	Direct assignment to Resource Manager: Group Account History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Group Membership	Viewer	Direct assignment to Resource Manager: Group Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Group Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Assignees	Viewer	Assignment to Resource Manager: Management Role Assignees as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Definition Resource Role Assignment	Viewer	Assignment to Resource Manager: Management Role Definition Resource Role Assignment as Viewer.
Direct	Control (User Interface)	Resource Manager: Management Role Resource Role Assignments	Viewer	Direct assignment to Resource Manager: Management Role Resource Role Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Account	Viewer	Direct assignment to Resource Manager: Person Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Business Roles	Viewer	Direct assignment to Resource Manager: Person Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Group Membership	Viewer	Direct assignment to Resource Manager: Person Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Resource Role Groups	Viewer	Assignment to Resource Manager: Resource Role Groups as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set of Security	Viewer	Direct assignment to Resource Manager: Resultant Set of Security as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Resource Locations	Viewer	Assignment to Resource Manager: Resultant Resource Locations as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set Of Operation Assignments	Viewer	Direct assignment to Resource Manager: Resultant Set of Operation Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set Of Rights Assignments	Viewer	Direct assignment to Resource Manager: Resultant Set of Rights Assignments as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set of Security Security	Viewer	Direct assignment to Resource Manager: Resultant Set of Security Security as Viewer.
Direct	Control (User Interface)	Resource Manager: RRs To Business Roles	Viewer	Direct assignment to Resource Manager: RRs To Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Security	Viewer	Direct assignment to Resource Manager: Security as Viewer.
Direct	Control (User Interface)	SharePoint Group Resource type dropdown item	Viewer	Assignment to SharePoint Group Resource type dropdown item as Viewer.
Direct	Control (User Interface)	SharePoint Web Resource type dropdown item	Viewer	Assignment to SharePoint Web Resource type dropdown item as Viewer.
Direct	Pages and Reports (User Interface)	Find SharePointGroup Page	Viewer	Direct assignment to Find SharePointGroup Page as Viewer.
Direct	Pages and Reports (User Interface)	Find SharePointWeb Page	Viewer	Direct assignment to Find SharePointWeb Page as Viewer.
Direct	Pages and Reports (User Interface)	GroupManager.aspx	Viewer	Direct assignment to GroupManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	PersonManger.aspx	Viewer	Direct assignment to PersonManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	SimpleWhitePages.aspx	Viewer	Direct assignment to SimpleWhitePages.aspx as Viewer.
Direct	Pages and Reports (User Interface)	WhitePages.aspx	Viewer	Direct assignment to WhitePages.aspx as Viewer.
Direct	Workflow	AddGroupResourceRole	Initiator	Direct assignment to AddGroupResourceRole as Initiator.
Direct	Workflow	AddGroupsToGroup	Initiator	Direct assignment to AddGroupsToGroup as Initiator.
Direct	Workflow	AddPeopleToGroups	Initiator	Direct assignment to AddPeopleToGroups as Initiator.
Direct	Workflow	EditSharePointPersonProfile	Initiator	Direct assignment to EditSharePointPersonProfile as Initiator.

Enterprise User Administrator

Users with this Management Role have enterprise-wide ability to manage all users.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Person	N/A	All Access (EmpowerID Admin)	Assignment to any Person as All Access (EmpowerID Admin) scoped at Anywhere
Scoped At Location	User Account	N/A	All Access (EmpowerID Admin)	Assignment to any User Account as EmpowerID Adminstrator scoped at Anywhere.
Scoped At Location	Exchange Contact	N/A	All Access (EmpowerID Admin)	Assignment to any Exchange Contact as EmpowerID Adminstrator scoped at Anywhere.
Direct	Control (User Interface)	Account Resource Type dropdown item	Viewer	Direct assignment to Account Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	DeletedAccounts	Viewer	Direct assignment to DeletedAccounts as Viewer.
Direct	Control (User Interface)	Deleted Exchange Mailboxes	Viewer	Direct assignment to Deleted Exchange Mailboxes as Viewer.
Direct	Control (User Interface)	Deleted Groups	Viewer	Direct assignment to Deleted Groups as Viewer.
Direct	Control (User Interface)	Deleted Person Objects	Viewer	Direct assignment to Deleted Person Objects as Viewer.
Direct	Control (User Interface)	Exchange Mail Contact Resource Type dropdown item	Viewer	Direct assignment to Exchange Mail Contact Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Group Membership Change Log	Viewer	Direct assignment to Group Membership Change Log as Viewer.
Direct	Control (User Interface)	Inbound Attribute Changes	Viewer	Direct assignment to Inbound Attribute Changes as Viewer.
Direct	Control (User Interface)	New Account Inbox	Viewer	Direct assignment to New Account Inbox as Viewer.
Direct	Control (User Interface)	Operation Audit Log	Viewer	Direct assignment to Operation Audit Log as Viewer.
Direct	Control (User Interface)	Orphan Accounts	Viewer	Direct assignment to Orphan Accounts as Viewer.
Direct	Control (User Interface)	Outbound Attribute Changes	Viewer	Direct assignment to Outbound Attribute Changes as Viewer.
Direct	Control (User Interface)	Person Manager Enrollment	Viewer	Direct assignment to Password Manager Enrollment as Viewer.
Direct	Control (User Interface)	Person Login History	Viewer	Direct assignment to Person Login History as Viewer.
Direct	Control (User Interface)	Person Resource Type dropdown item	Viewer	Direct assignment to Person Resource Type dropdown item as Viewer.
Direct	Control (User Interface)	Recently Created Objects	Viewer	Direct assignment to Recently Created Objects as Viewer.
Direct	Control (User Interface)	Request Center Global Stats	Viewer	Direct assignment to Request Center Global Stats as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Account	Viewer	Direct Assignment to Resource Manager: Access Granted To Account.
Direct	Control (User Interface)	Resource Manager: Access Granted To Group	Viewer	Assignment to Resource Manager: Access Granted To Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Access Granted To Person	Viewer	Direct assignment to Resource Manager: Access Granted To Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Account Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Account Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Audit History By Person	Viewer	Direct assignment to Resource Manager: Audit History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account	Viewer	Direct assignment to Resource Manager: Group Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Account	Viewer	Assignment to Resource Manager: Group Account History By Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Group	Viewer	Assignment to Resource Manager: Group Account History By Group as Viewer.
Direct	Control (User Interface)	Resource Manager: Group Account History By Person	Viewer	Direct assignment to Resource Manager: Group Account History By Person as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Account	Viewer	Direct assignment to Resource Manager: Person Account as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Business Roles	Viewer	Direct assignment to Resource Manager: Person Business Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Group Membership	Viewer	Direct assignment to Resource Manager: Person Group Membership as Viewer.
Direct	Control (User Interface)	Resource Manager: Person Resultant Set Of Resource Roles	Viewer	Direct assignment to Resource Manager: Person Resultant Set of Resource Roles as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Resource Locations	Viewer	Direct assignment to Resource Manager: Resultant Resource Locations as Viewer.
Direct	Control (User Interface)	Resource Manager: Resultant Set of Security	Viewer	Direct assignment to Resource Manager: Resultant Set of Security as Viewer.
Direct	Control (User Interface)	Resource Manager: Security	Viewer	Direct assignment to Resource Manager: security as Viewer.
Direct	Control (User Interface)	Resources Pending RBAC Processing	Viewer	Direct assignment to Resources Pending RBAC Processing as Viewer.
Direct	Control (User Interface)	Workflow Error Log	Viewer	Direct assignment to Workflow Error Log as Viewer.
Direct	Pages and Reports (User Interface)	AccountManager.aspx	Viewer	Direct assignment to AccountManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	ChangeManager.aspx	Viewer	Direct assignment to ChangeManager.aspx as Viewer.
Direct	Pages and Reports (User Interface)	Create Application page	Viewer	Direct assignment to Create Application page as Viewer.
Direct	Pages and Reports (User Interface)	Find ProtectedApplicationResourceApplication page	Viewer	Direct assignment to Find ProtectedApplicationResourceApplication page as Viewer.
Direct	Pages and Reports (User Interface)	HelpdeskView.aspx	Viewer	Direct assignment to HelpdeskView.aspx as Viewer.
Direct	Pages and Reports (User Interface)	PersonManger.aspx	Viewer	Direct assignment to PersonManager.aspx as Viewer.
Direct	Workflow	AccountRequest	Initiator	Direct assignment to AccountRequest as Initiator.
Direct	Workflow	AccountRequestAdvanced	Initiator	Direct assignment to AccountRequestAdvanced as Initiator.
Direct	Workflow	AccountRequestwithGroup	Initiator	Direct assignment to AccountRequestwithGroup as Initiator.
Direct	Workflow	AddAccountsToGroups	Initiator	Direct assignment to AddAccountsToGroups as Initiator.
Direct	Workflow	AddPeopleToGroups	Initiator	Direct assignment to AddPeopleToGroups as Initiator.
Direct	Workflow	Bulk Create People From Accounts	Initiator	Direct assignment to Bulk Create People From Accounts as Initiator.
Direct	Workflow	BulkCreatePeople	Initiator	Direct assignment to BulkCreatePeople as Initiator.
Direct	Workflow	BulkMailenableGroup	Initiator	Direct assignment to BulkMailenableGroup as Initiator.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to ChangePassword as Initiator.
Direct	Workflow	ChangePrimaryBusinessRoleLocationSimpleUI	Initiator	Direct assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
Direct	Workflow	ChangePrimaryOrgRoleOrgZone	Initiator	Direct assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
Direct	Workflow	ClaimAccount	Initiator	Direct assignment to ClaimAccount as Initiator.
Direct	Workflow	CopyUser	Initiator	Direct assignment to CopyUser as Initiator.
Direct	Workflow	CreatePersonAndAccount	Initiator	Direct assignment to CreatePersonAndAccount as Initiator.
Direct	Workflow	CreatePersonFromAccount	Initiator	Direct assignment to CreatePersonFromAccount as Initiator.
Direct	Workflow	CreateUser	Initiator	Direct assignment to CreateUser as Initiator.
Direct	Workflow	CreateUserAccount	Initiator	Direct assignment to CreateUserAccount as Initiator.
Direct	Workflow	CreateUserAndMailbox	Initiator	Direct assignment to CreateUserAndMailbox as Initiator.
Direct	Workflow	CreateUserHomeFolder	Initiator	Direct assignment to CreateUserHomeFolder as Initiator.
Direct	Workflow	DeleteAccount	Initiator	Direct assignment to DeleteAccount as Initiator.
Direct	Workflow	DisableAccount	Initiator	Direct assignment to DisableAccount as Initiator.
Direct	Workflow	EditAccount	Initiator	Direct assignment to EditAccount as Initiator.
Direct	Workflow	EditADUserHomeFolder	Initiator	Direct assignment to EditADUserHomeFolder as Initiator.
Direct	Workflow	EditBulkAccount	Initiator	Direct assignment to EditBulkAccount as Initiator.
Direct	Workflow	EditPersonDemographics	Initiator	Direct assignment to EditPersonDemographics as Initiator.
Direct	Workflow	EditUserDemographics	Initiator	Direct assignment to EditUserDemographics as Initiator.
Direct	Workflow	EnableAccount	Initiator	Direct assignment to EnableAccount as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Enroll as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Enrollment as Initiator.
Direct	Workflow	GetAndUpdateProfileWF	Initiator	Direct assignment to Request Workflow:GetAndUpdateProfileWF as Initiator.
Direct	Workflow	HelpdeskAccountUnlock	Initiator	Direct assignment to HelpdeskAccountUnlock as Initiator.
Direct	Workflow	HelpdeskPasswordReset	Initiator	Direct assignment to HelpdeskPasswordReset as Initiator.
Direct	Workflow	HelpdeskSendOTP	Initiator	Direct assignment to HelpdeskSendOTP as Initiator.
Direct	Workflow	JoinAccountToPerson	Initiator	Direct assignment to JoinAccountToPerson as Initiator.
Direct	Workflow	MailEnableAccount	Initiator	Direct assignment to MailEnableAccount as Initiator.
Direct	Workflow	PasswordExpirationNotification	Initiator	Direct assignment to PasswordExpirationNotification as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to PasswordResetCenter as Initiator.
Direct	Workflow	PasswordResetCenterOTP	Initiator	Direct assignment to PasswordResetCenterOTP as Initiator.
Direct	Workflow	PersonEdit	Initiator	Direct assignment to PersonEdit as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct assignment to PersonEditNonResourceManager as Initiator.
Direct	Workflow	PersonNew	Initiator	Direct assignment to PersonNew as Initiator.
Direct	Workflow	ProfileManager	Initiator	Direct assignment to ProfileManager as Initiator.
Direct	Workflow	RemoveAccountFromGroups	Initiator	Direct assignment to RemoveAccountFromGroups as Initiator.
Direct	Workflow	RemoveGroupAccount	Initiator	Direct assignment to RemoveGroupAccount as Initiator.
Direct	Workflow	RemoveRbacResourceRoleAssignment	Initiator	Direct assignment to RemoveRbacResourceRoleAssignment as Initiator.
Direct	Workflow	ResetAccountPassword	Initiator	Direct assignment to ResetAccountPassword as Initiator.
Direct	Workflow	ResetPassword	Initiator	Direct assignment to ResetPassword as Initiator.
Direct	Workflow	ResourceManagerDeletePerson	Initiator	Direct assignment to ResourceManagerDeletePerson as Initiator.
Direct	Workflow	ResourceManagerUpdatePerson	Initiator	Direct assignment to ResourceManagerUpdatePerson as Initiator.
Direct	Workflow	ResourceManagerAccountDelete	Initiator	Direct assignment to ResourceManagerAccountDelete as Initiator.
Direct	Workflow	ResourceManagerAccountUpdate	Initiator	Direct assignment to ResourceManagerAccountUpdate as Initiator.
Direct	Workflow	RestoreDeletedAccount	Initiator	Direct assignment to RestoreDeletedAccount as Initiator.
Direct	Workflow	RETDeprovisionADAccount	Initiator	Direct assignment to RETDeprovisionADAccount as Initiator.
Direct	Workflow	SelfServiceAccountJoinGroup	Initiator	Direct assignment to SelfServiceAccountJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonJoinGroup	Initiator	Direct assignment to SelfServicePersonJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonLeaveGroup	Initiator	Direct assignment to SelfServicePersonLeaveGroup as Initiator.
Direct	Workflow	TerminatePerson	Initiator	Direct assignment to TerminatePerson as Initiator.
Direct	Workflow	TestDatasource	Initiator	Direct assignment to TestDatasource as Initiator.
Direct	Workflow	UnenrollPerson	Initiator	Direct assignment to UnenrollPerson as Initiator.
Direct	Workflow	Update Person	Initiator	Direct assignment to Update Person as Initiator.
Direct	Workflow	UnjoinAccountFromPerson	Initiator	Direct assignment to UnjoinAccountFromPerson as Initiator.
Direct	Workflow	UnlockAccount	Initiator	Direct assignment to UnlockAccount as Initiator.
Direct	Workflow	UnlockPersonAndAccounts	Initiator	Direct assignment to UnlockPersonAndAccounts as Initiator.
Direct	Workflow	UnlockFromRecoveryCenter	Initiator	Direct assignment to EnableAccount as Initiator.
Direct	Workflow	ViewPerson	Initiator	Direct assignment to ViewPerson as Initiator.

Group Membership Change Alerts

Users with this Management Role receive notifications of group membership changes.

IT shop Full Access

Users with this Management Role have full access to the IT Shop workflows and user interfaces to allow access requests and resource management.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	IT Shop Workflows	Viewer	Direct Assignment to IT Shop Workflows as Viewer.
Direct	Control (User Interface)	Shopping Cart	Viewer	Direct Assignment to Shopping Cart as Viewer.
Direct	Pages and Reports	IT Shop I Manage	Viewer	Direct Assignment to IT Shop I Manage as Viewer.
Direct	Pages and Reports	IT Shop My Access	Viewer	Direct Assignment to IT Shop My Access as Viewer.
Direct	Pages and Reports	IT Shop Request Access	Viewer	Direct Assignment to IT Shop Request Access as Viewer.
Direct	Workflow	AddBusinessProcessTaskComment	Initiator	Direct Assignment to AddBusinessProcessTaskComment as Initiator.
Direct	Workflow	AddCommentToTask	Initiator	Direct Assignment to AddCommentToTask as Initiator.
Direct	Workflow	ClaimBusinessProcessTask	Initiator	Direct Assignment to ClaimBusinessProcessTask as Initiator.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct Assignment to ClaimSSOAccount as Initiator.
Direct	Workflow	CreateApplicationUser	Initiator	Direct Assignment to CreateApplicationUser as Initiator.
Direct	Workflow	CreateAsset	Initiator	Direct Assignment to CreateAsset as Initiator.
Direct	Workflow	CreateAssetMailbox	Initiator	Direct Assignment to CreateAssetMailbox as Initiator.
Direct	Workflow	CreateGenericAsset	Initiator	Direct Assignment to CreateGenericAsset as Initiator.
Direct	Workflow	ProvisionAssetForPerson	Initiator	Direct Assignment to ProvisionAssetForPerson as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	SetBusinessProcessTaskDelegate	Initiator	Direct Assignment to SetBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	TerminateWorkflow	Initiator	Direct Assignment to TerminateWorkflow as Initiator.
Direct	Workflow	UnclaimBusinessProcessTask	Initiator	Direct Assignment to UnclaimBusinessProcessTask as Initiator.
Direct	Workflow	UpdateAccountGroupMembership	Initiator	Direct Assignment to UpdateAccountGroupMembership as Initiator.
Direct	Workflow	UpdateDirectAssignmentTimeConstraint	Initiator	Direct Assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
Direct	Workflow	UpdateManagementRoleAssignments	Initiator	Direct Assignment to UpdateManagementRoleAssignments as Initiator.
Direct	Workflow	UpdatePersonApplicationGroupMembership	Initiator	Direct Assignment to UpdatePersonApplicationGroupMembership as Initiator.
Direct	Workflow	UpdatePersonDirectAssignment	Initiator	Direct Assignment to UpdatePersonDirectAssignment as Initiator.
Direct	Workflow	UpdatePersonGroupMembership	Initiator	Direct Assignment to UpdatePersonGroupMembership as Initiator.
Direct	Workflow	UpdatePersonManagementRoleAssignments	Initiator	Direct Assignment to UpdatePersonManagementRoleAssignments as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct Assignment to UpdatePersonManagementRoles as Initiator.

IT Shop Limited Access

Users with this Management Role have limited access to the IT Shop workflows and user interfaces to allow access requests and resource management.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	IT Shop Workflows	Viewer	Direct Assignment to IT Shop Workflows as Viewer.
Direct	Control (User Interface)	Shopping Cart	Viewer	Direct Assignment to Shopping Cart as Viewer.
Direct	Pages and Reports	IT Shop Request Access	Viewer	Direct Assignment to IT Shop Request Access as Viewer.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct Assignment to ClaimSSOAccount as Initiator.
Direct	Workflow	CreateApplicationUser	Initiator	Direct Assignment to CreateApplicationUser as Initiator.
Direct	Workflow	CreateAsset	Initiator	Direct Assignment to CreateAsset as Initiator.
Direct	Workflow	CreateAssetMailbox	Initiator	Direct Assignment to CreateAssetMailbox as Initiator.
Direct	Workflow	CreateGenericAsset	Initiator	Direct Assignment to CreateGenericAsset as Initiator.
Direct	Workflow	ProvisionAssetForPerson	Initiator	Direct Assignment to ProvisionAssetForPerson as Initiator.
Direct	Workflow	UpdateAccountGroupMembership	Initiator	Direct Assignment to UpdateAccountGroupMembership as Initiator.
Direct	Workflow	UpdateDirectAssignmentTimeConstraint	Initiator	Direct Assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
Direct	Workflow	UpdatePersonApplicationGroupMembership	Initiator	Direct Assignment to UpdatePersonApplicationGroupMembership as Initiator.
Direct	Workflow	UpdatePersonDirectAssignment	Initiator	Direct Assignment to UpdatePersonDirectAssignment as Initiator.
Direct	Workflow	UpdatePersonGroupMembership	Initiator	Direct Assignment to UpdatePersonGroupMembership as Initiator.
Direct	Workflow	UpdatePersonManagementRoleAssignments	Initiator	Direct Assignment to UpdatePersonManagementRoleAssignments as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct Assignment to UpdatePersonManagementRoles as Initiator.

Partner Admin

Users with this Management Role have the ability to perform delegated administration of people, users and groups within partner organizations. They can only see object in the partner organization.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Person Relative Resource	Person	N/A	All Access (EmpowerID Admin)	Assignment to any person as All Access (EmpowerID Admin) that matches this criteria: People in organizations to which I belong.
Person Relative Resource	User Account	N/A	All Access (EmpowerID Admin)	Assignment to any user account as All Access (EmpowerID Admin) that matches this criteria: User accounts in organizations to which I belong.
Person Relative Resource	Group (Security)	N/A	All Access (EmpowerID Admin)	Assignment to any group (security) as All Access (EmpowerID Admin) that matches this criteria: Security groups in organizations to which I belong.
Person Relative Resource	Group (Distribution)	N/A	All Access (EmpowerID Admin)	Assignment to any group (distribution) as All Access (EmpowerID Admin) that matches this criteria: Distribution groups in organizations to which I belong.
Person Relative Resource	Group (Generic)	N/A	All Access (EmpowerID Admin)	Assignment to any group (generic) as All Access (EmpowerID Admin) that matches this criteria: Generic groups in organizations to which I belong.
Direct	Control (User Interface)	Account Resource Type Drop-down Item	Viewer	Direct Assignment to Account Resource Type Drop-down Item as Viewer.
Direct	Control (User Interface)	Group Resource Type Drop-down Item	Viewer	Direct Assignment to Group Resource Type Drop-down Item as Viewer.
Direct	Control (User Interface)	Person Resource Type Drop-down Item	Viewer	Direct Assignment to Person Resource Type Drop-down Item as Viewer.
Direct	Control (User Interface)	Global Person Search Box	Viewer	Direct Assignment to Global Person Search Box as Viewer.
Direct	Pages and Reports	Find Group Page	Viewer	Direct Assignment to Find Group Page as Viewer.
Direct	Pages and Reports	Find Person Page	Viewer	Direct Assignment to Find Person Page as Viewer.
Direct	Pages and Reports	Find User Account Page	Viewer	Direct Assignment to Find User Account Page as Viewer.
Direct	Pages and Reports	Person Onboarding	Viewer	Direct Assignment to Person Onboarding as Viewer.
Direct	Pages and Reports	View Account Page	Viewer	Direct Assignment to View Account Page as Viewer.
Direct	Pages and Reports	Create Person Simple	Viewer	Direct Assignment to Create Person Simple as Viewer.
Direct	Pages and Reports	Edit Group Page	Viewer	Direct Assignment to Edit Group Page as Viewer.
Direct	Pages and Reports	Reset Password Page	Viewer	Direct Assignment to Reset Password Page as Viewer.
Direct	Pages and Reports	Edit Person Page	Viewer	Direct Assignment to Edit Person Page as Viewer.
Direct	Pages and Reports	Edit Account Page	Viewer	Direct Assignment to Edit Account Page as Viewer.
Direct	Pages and Reports	View Group Page	Viewer	Direct Assignment to View Group Page as Viewer.
Direct	Pages and Reports	View Person Page	Viewer	Direct Assignment to View Prson Page as Viewer.
Direct	Workflow	ChangePrimaryOrgRoleOrgZone	Initiator	Direct Assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
Direct	Workflow	HelpdeskPasswordReset	Initiator	Direct Assignment to HelpdeskPasswordReset as Initiator.
Direct	Workflow	HelpdeskAccountUnlock	Initiator	Direct Assignment to HelpdeskAccountUnlock as Initiator.
Direct	Workflow	UpdateAssignments	Initiator	Direct Assignment to UpdateAssignments as Initiator.
Direct	Workflow	UpdatePersonAssignments	Initiator	Direct Assignment to UpdatePersonAssignments as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct Assignment to ResourceManagerEditGroup as Initiator.
Direct	Workflow	TemporaryGroupMembership	Initiator	Direct Assignment to TemporaryGroupMembership as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct Assignment to PersonEditNonResourceManager as Initiator.
Direct	Workflow	CreatePeopleFromFile	Initiator	Direct Assignment to CreatePeopleFromFile as Initiator.
Direct	Workflow	CreatePerson	Initiator	Direct Assignment to CreatePerson as Initiator.
Direct	Workflow	UpdateResourceTags	Initiator	Direct Assignment to UpdateResourceTags as Initiator.
Direct	Workflow	PersonPhotoApproval	Initiator	Direct Assignment to PersonPhotoApproval as Initiator.
Direct	Workflow	UpdateGroupAccountMembership	Initiator	Direct Assignment to UpdateGroupAccountMembership as Initiator.
Direct	Workflow	UpdatePersonRelationships	Initiator	Direct Assignment to UpdatePersonRelationships as Initiator.
Direct	Workflow	UpdatePersonBusinessRoles	Initiator	Direct Assignment to UpdatePersonBusinessRoles as Initiator.
Direct	Workflow	UpdateResourceLocations	Initiator	Direct Assignment to UpdateResourceLocations as Initiator.
Direct	Workflow	DisableMultiplePeopleWF	Initiator	Direct Assignment to DisableMultiplePeopleWF as Initiator.
Direct	Workflow	EditPersonPhotoApproval	Initiator	Direct Assignment to EditPersonPhotoApproval as Initiator.
Direct	Workflow	DeleteMultiplePeopleWF	Initiator	Direct Assignment to DeleteMultiplePeopleWF as Initiator.
Direct	Workflow	UpdatePersonGroupMembership	Initiator	Direct Assignment to UpdatePersonGroupMembership as Initiator.

Partner User

Provides limited access for partner users, typically password self-service and access to SSO applications. Can only see object in the partner organization.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Person Resource Type Drop-down Item	Viewer	Direct Assignment to Person Resource Type Drop-down Item as Viewer.
Direct	Pages and Reports	View Self Page	Viewer	Direct Assignment to View Self Page as Viewer.
Direct	Pages and Reports	Edit Self Page	Viewer	Direct Assignment to Edit Self Page as Viewer.
Direct	Workflow	PersonPhotoApproval	Initiator	Direct Assignment to PersonPhotoApproval as Initiator.
Direct	Workflow	RequestDecisions	Initiator	Direct Assignment to RequestDecisions as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct Assignment to PersonEditNonResourceManager as Initiator.

Provisioning Requestor

Grants access to the provisioning/joiner, mover, and deprovisioning/leaver request workflows. This role is often assigned to HR personnel.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Pages and Reports	Create Person Simple	Viewer	Direct Assignment to Create Person Simple as Viewer.
Direct	Pages and Reports	Person Onboarding	Viewer	Direct Assignment to Person Onboarding as Viewer.
Direct	Pages and Reports	Person Terminations	Viewer	Direct Assignment to Person Terminations as Viewer.
Direct	Workflow	ChangePrimaryOrgRoleOrgZone	Initiator	Direct Assignment to ChangePrimaryOrgRoleOrgZone as Initiator.
Direct	Workflow	ChangePrimaryBusinessRoleLocationSimpleUI	Initiator	Direct Assignment to ChangePrimaryBusinessRoleLocationSimpleUI as Initiator.
Direct	Workflow	DeleteMultiplePeopleWf	Initiator	Direct Assignment to DeleteMultiplePeopleWf as Initiator.
Direct	Workflow	DisableMultiplePeopleWf	Initiator	Direct Assignment to DisableMultiplePeopleWf as Initiator.
Direct	Workflow	RehireCheckWorkflow	Initiator	Direct Assignment to RehireCheckWorkflow as Initiator.

Self-Service User

User with this Management Role can perform self-service tasks related to their passwords and profiles.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Asset Request	N/A	Requestor	Assignment to any Asset Request as Requestor scoped at Anywhere.
Scoped At Location	Access Request	N/A	Requestor	Assignment to any Access Request as Requestor scoped at Anywhere.
Scoped At Location	Audit	N/A	Reviewer	Assignment to Reviewer scoped at EmpowerID System.
Scoped At Location	Person	N/A	Can Use In Access Assignment	Assignment to any Person as Can Use In Access Assignment scoped at EmpowerID System.
Scoped At Location	Person	N/A	Can Use In Access Assignment	Assignment to any Person as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	User Account	N/A	Can Use In Access Assignment	Assignment to any User Account as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Group (Generic)	N/A	Can Use In Access Assignment	Assignment to any Group (Generic) as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Group (Security)	N/A	Can Use In Access Assignment	Assignment to any Group (Security) as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Group (Distribution)	N/A	Can Use In Access Assignment	Assignment to any Group (Distribution) as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	Can Use In Access Assignment	Assignment to any Query-Based Collection (SetGroup) as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Query-Based Collection (SetGroup)	N/A	Can Use In Access Assignment	Assignment to any Query-Based Collection (SetGroup) as Can Use In Access Assignment scoped at EmpowerID System.
Scoped At Location	Business Role	N/A	Can Use In Access Assignment	Assignment to any Business Role as Can Use In Access Assignment scoped at EmpowerID System.
Scoped At Location	Business Role	N/A	Can Use In Access Assignment	Assignment to any Business Role as Can Use In Access Assignment scoped at Anywhere.
Scoped At Location	Location	N/A	Can Use In Access Assignment	Assignment to any Location as Can Use In Access Assignment scoped at EmpowerID System.
Scoped At Location	Location	N/A	Can Use In Access Assignment	Assignment to any Location as Can Use In Access Assignment scoped at Anywhere.
Direct	Control (User Interface)	My Workspace: Home	Viewer	Direct assignment to My Workspace: Home as Viewer.
Direct	Control (User Interface)	My Workspace: SSO Applications	Viewer	Direct Assignment to My Workspace: SSO Applications To Account.
Direct	Control (User Interface)	My Workspace: My Resource Operation Decisions	Viewer	Direct Assignment to My Workspace: MY Resource Operation Decisions To Account.
Direct	Control (User Interface)	My Workspace: Protected SSO Applications	Viewer	Direct Assignment to My Workspace: Protected SSO Applications To Account.
Direct	Control (User Interface)	My Workspace: My Security Assignments	Viewer	Direct Assignment to My Workspace: My Security Assignments To Account.
Direct	Control (User Interface)	My Workspace: My Workflow Decisions	Viewer	Direct Assignment to My Workspace: My Workflow Decisions To Account.
Direct	Control (User Interface)	My Workspace: Task List	Viewer	Direct Assignment to My Workspace: Task List To Account.
Direct	Control (User Interface)	My Workspace: My Resultant Access	Viewer	Direct Assignment to My Workspace: My Resultant Access To Account.
Direct	Control (User Interface)	My Workspace: My Security Assignments	Viewer	Direct Assignment to My Workspace: My Security Assignments To Account.
Direct	Location	Default Organization	Viewer	Direct assignment to Default Organization as Viewer.
Direct	Organization	Default Organization	Viewer	Direct assignment to Default Organization as Viewer.
Direct	Pages and Reports (User Interface)	Change Password Standalone Workflow	Viewer	Direct assignment to Change Password Standalone Workflow as Viewer.
Direct	Pages and Reports (User Interface)	IT Shop	Viewer	Direct assignment to IT Shop as Viewer.
Direct	Pages and Reports (User Interface)	User Compliance Dashboard	Viewer	Direct assignment to User Compliance Dashboard as Viewer.
Direct	Pages and Reports (User Interface)	White Pages	Viewer	Direct assignment to White Pages as Viewer.
Direct	Pages and Reports (User Interface)	Edit Self Page	Viewer	Direct assignment to Edit Self Page as Viewer.
Direct	Pages and Reports (User Interface)	Enrollment Standalone Workflow	Viewer	Direct assignment to Enrollment Standalone Workflow as Viewer.
Direct	Web Service	LoginService	Executor	Direct assignment to LoginService as Executor.
Direct	Web Service	LoginService.HasRightsToCall	Executor	Direct assignment to LoginService.HasRightsToCall as Executor.
Direct	Web Service	LoginService.RunLoginWorkflow	Executor	Direct assignment to LoginService.RunLoginWorkflow asExecutor.
Direct	Workflow	RequestOathToken	Initiator	Direct assignment to Request Workflow: RequestOathToken as Initiator.
Direct	Workflow	UpdateDirectAssignmentTimeConstraint	Initiator	Direct assignment to Request Workflow: UpdateDirectAssignmentTimeConstraint as Initiator.
Direct	Workflow	PersonPhotoApproval	Initiator	Direct assignment to Request Workflow: PersonPhotoApproval as Initiator.
Direct	Workflow	SubmitSingleSodViolationResponse	Initiator	Direct assignment to Request Workflow: SubmitSingleSodViolationResponse as Initiator.
Direct	Workflow	BulkAddRemoveExchangeMailboxEmailAddresses	Initiator	Direct assignment to Request Workflow: BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
Direct	Workflow	SubmitSingleAttestationResponse	Initiator	Direct assignment to Request Workflow: SubmitSingleAttestationResponse as Initiator.
Direct	Workflow	UpdateManagementRoleAssignments	Initiator	Direct assignment to Request Workflow: UpdateManagementRoleAssignments as Initiator.
Direct	Workflow	ClaimBusinessProcessTask	Initiator	Direct assignment to Request Workflow: ClaimBusinessProcessTask as Initiator.
Direct	Workflow	ChangePersonBusinessRoleAndLocation	Initiator	Direct assignment to Request Workflow: ChangePersonBusinessRoleAndLocation as Initiator.
Direct	Workflow	ProcessAttestationDecision	Initiator	Direct assignment to Request Workflow: ProcessAttestationDecision as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
Direct	Workflow	AuthenticationLevel2OATHLogin	Initiator	Direct assignment to Request Workflow: AuthenticationLevel2OATHLogin as Initiator.
Direct	Workflow	UpdateResourceAssignmentsByResource	Initiator	Direct assignment to Request Workflow: UpdateResourceAssignmentsByResource as Initiator.
Direct	Workflow	UpdateGroupAccountMembership	Initiator	Direct assignment to Request Workflow: UpdateGroupAccountMembership as Initiator.
Direct	Workflow	SendPersonOneTimePassword	Initiator	Direct assignment to Request Workflow: SendPersonOneTimePassword as Initiator.
Direct	Workflow	EditPasswordVaultAccount	Initiator	Direct assignment to Request Workflow: EditPasswordVaultAccount as Initiator.
Direct	Workflow	ResetPasswordValutAccountPassword	Initiator	Direct assignment to Request Workflow: ResetPasswordValutAccountPassword as Initiator.
Direct	Workflow	ClaimPasswordVaultAccount	Initiator	Direct assignment to Request Workflow: ClaimPasswordVaultAccount as Initiator.
Direct	Workflow	UpdatePersonRelationships	Initiator	Direct assignment to Request Workflow: UpdatePersonRelationships as Initiator.
Direct	Workflow	UpdatePersonAccounts	Initiator	Direct assignment to Request Workflow: UpdatePersonAccounts as Initiator.
Direct	Workflow	UpdateGroupMemberGroups	Initiator	Direct assignment to Request Workflow: UpdateGroupMemberGroups as Initiator.
Direct	Workflow	UpdatePersonBusinessRoles	Initiator	Direct assignment to Request Workflow: UpdatePersonBusinessRoles as Initiator.
Direct	Workflow	UpdateResourceLocations	Initiator	Direct assignment to Request Workflow: UpdateResourceLocations as Initiator.
Direct	Workflow	UpdateResourceAssignments	Initiator	Direct assignment to Request Workflow: UpdateResourceAssignments as Initiator.
Direct	Workflow	UpdateResourceTags	Initiator	Direct assignment to Request Workflow: UpdateResourceTags as Initiator.
Direct	Workflow	UpdatePersonAssets	Initiator	Direct assignment to Request Workflow: UpdatePersonAssets as Initiator.
Direct	Workflow	UpdateAccountGroupMembership	Initiator	Direct assignment to Request Workflow: UpdateAccountGroupMembership as Initiator.
Direct	Workflow	UpdatePersonManagementRoleAssignments	Initiator	Direct assignment to Request Workflow: UpdatePersonManagementRoleAssignments as Initiator.
Direct	Workflow	UnclaimResourceAttestation	Initiator	Direct assignment to Request Workflow: UnclaimResourceAttestation as Initiator.
Direct	Workflow	ClaimResourceAttestation	Initiator	Direct assignment to Request Workflow: ClaimResourceAttestation as Initiator.
Direct	Workflow	CreateGenericAsset	Initiator	Direct assignment to Request Workflow: CreateGenericAsset as Initiator.
Direct	Workflow	AddResourceAttestationComment	Initiator	Direct assignment to Request Workflow: AddResourceAttestationComment as Initiator.
Direct	Workflow	AddBusinessProcessTaskComment	Initiator	Direct assignment to Request Workflow: AddBusinessProcessTaskComment as Initiator.
Direct	Workflow	UnclaimBusinessProcessTaskComment	Initiator	Direct assignment to Request Workflow: UnclaimBusinessProcessTaskComment as Initiator.
Direct	Workflow	ClaimBusinessProcessTaskComment	Initiator	Direct assignment to Request Workflow: ClaimBusinessProcessTaskComment as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct assignment to Request Workflow: RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	SetBusinessProcessTaskDelegate	Initiator	Direct assignment to Request Workflow: SetBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	RequestManagementRole	Initiator	Direct assignment to Request Workflow: RequestManagementRole as Initiator.
Direct	Workflow	SelfServiceRequestManagementRole	Initiator	Direct assignment to Request Workflow: SelfServiceRequestManagementRole as Initiator.
Direct	Workflow	ProvisionAssetForPerson	Initiator	Direct assignment to Request Workflow: ProvisionAssetForPerson as Initiator.
Direct	Workflow	DeleteOwnSSOAccount	Initiator	Direct assignment to Request Workflow: DeleteOwnSSOAccount as Initiator.
Direct	Workflow	SelfServiceRequestApplicationRole	Initiator	Direct assignment to Request Workflow: SelfServiceRequestApplicationRole as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
Direct	Workflow	UpdatePersonDirectAssignment	Initiator	Direct assignment to Request Workflow: UpdatePersonDirectAssignment as Initiator.
Direct	Workflow	UpdateAssignments	Initiator	Direct assignment to Request Workflow: UpdateAssignments as Initiator.
Direct	Workflow	CreateAsset	Initiator	Direct assignment to Request Workflow: CreateAsset as Initiator.
Direct	Workflow	CreateLaptopAsset	Initiator	Direct assignment to Request Workflow: CreateLaptopAsset as Initiator.
Direct	Workflow	CreateAssetMailbox	Initiator	Direct assignment to Request Workflow: CreateAssetMailbox as Initiator.
Direct	Workflow	CreatePerson	Initiator	Direct assignment to Request Workflow: CreatePerson as Initiator.
Direct	Workflow	AddCommentToTask	Initiator	Direct assignment to Request Workflow: AddCommentToTask as Initiator.
Direct	Workflow	CreateApplicationUser	Initiator	Direct assignment to Request Workflow: CreateApplicationUser as Initiator.
Direct	Workflow	ResumeWorkflows	Initiator	Direct assignment to Request Workflow: ResumeWorkflows as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Request Workflow: Enrollment as Initiator.
Direct	Workflow	ProfileManager	Initiator	Direct assignment to Request Workflow: ProfileManager as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to Request Workflow: PasswordResetCenter as Initiator.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to Request Workflow: ChangePassword as Initiator.
Direct	Workflow	RegisterAccount	Initiator	Direct assignment to Request Workflow: RegisterAccount as Initiator.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct assignment to Request Workflow: ClaimSSOAccount as Initiator.
Direct	Workflow	EditPersonPhotoApproval	Initiator	Direct assignment to Request Workflow: EditPersonPhotoApproval as Initiator.
Direct	Workflow	AuthenticationLevel2Login	Initiator	Direct assignment to Request Workflow: AuthenticationLevel2Login as Initiator.
Direct	Workflow	AuthenticationLevel3Login	Initiator	Direct assignment to Request Workflow: AuthenticationLevel3Login as Initiator.
Direct	Workflow	AuthenticationLevel4Login	Initiator	Direct assignment to Request Workflow: AuthenticationLevel4Login as Initiator.
Direct	Workflow	Login	Initiator	Direct assignment to Request Workflow: Login as Initiator.
Direct	Workflow	AssignAssetToPerson	Initiator	Direct assignment to Request Workflow: AssignAssetToPerson as Initiator.
Direct	Workflow	RequestDecisions	Initiator	Direct assignment to Request Workflow: RequestDecisions as Initiator.
Direct	Workflow	ProcessAttestationDecision	Initiator	Direct assignment to Request Workflow: ProcessAttestationDecision as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct assignment to Request Workflow: UpdatePersonManagementRoles as Initiator.
Direct	Workflow	CheckOutAccountVaultedPassword	Initiator	Direct assignment to Request Workflow: CheckOutAccountVaultedPassword as Initiator.
Direct	Workflow	ChangePersonBusinessRoleAndLocation	Initiator	Direct assignment to Request Workflow: ChangePersonBusinessRoleAndLocation as Initiator.
Direct	Workflow	ClaimBusinessProcessTask	Initiator	Direct assignment to Request Workflow: ClaimBusinessProcessTask as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct assignment to Request Workflow: RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	SetBusinessProcessTaskDelegate	Initiator	Direct assignment to Request Workflow: SetBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	ClaimPasswordVaultAccount	Initiator	Direct assignment to Request Workflow: ClaimPasswordVaultAccount as Initiator.
Direct	Workflow	ClaimAccount	Initiator	Direct assignment to Request Workflow: ClaimAccount as Initiator.
Direct	Workflow	ViewPerson	Initiator	Direct assignment to Request Workflow: ViewPerson as Initiator.
Direct	Workflow	UnenrollPerson	Initiator	Direct assignment to Request Workflow: UnenrollPerson as Initiator.
Direct	Workflow	UpdatePersonApplicationGroupMembership	Initiator	Direct assignment to Request Workflow: UpdatePersonApplicationGroupMembership as Initiator.
Direct	Workflow	TerminateWorkflow	Initiator	Direct assignment to Request Workflow: TerminateWorkflow as Initiator.
Direct	Workflow	UnclaimSSOAccount	Initiator	Direct assignment to Request Workflow: UnclaimSSOAccount as Initiator.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct assignment to Request Workflow: ClaimSSOAccount as Initiator.
Direct	Workflow	UpdatePersonManagementRoleAssignments	Initiator	Direct assignment to Request Workflow: UpdatePersonManagementRoleAssignments as Initiator.
Direct	Workflow	SelfServicePersonLeaveGroup	Initiator	Direct assignment to Request Workflow: SelfServicePersonLeaveGroup as Initiator.
Direct	Workflow	SelfServicePersonJoinGroup	Initiator	Direct assignment to Request Workflow: SelfServicePersonJoinGroup as Initiator.
Direct	Workflow	SelfServiceAccountJoinGroup	Initiator	Direct assignment to Request Workflow: SelfServiceAccountJoinGroup as Initiator.
Direct	Workflow	EditManagementRoleNoUI	Initiator	Direct assignment to Request Workflow: EditManagementRoleNoUI as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct assignment to Request Workflow: PersonEditNonResourceManager as Initiator.
Direct	Workflow	PasswordResetCenterOTP	Initiator	Direct assignment to Request Workflow: PasswordResetCenterOTP as Initiator.
Direct	Workflow	AddRbacResourceRoleAssignment	Initiator	Direct assignment to Request Workflow: AddRbacResourceRoleAssignment as Initiator.
Direct	Workflow	ResourceManagerUpdateProtectedApplicationResource	Initiator	Direct assignment to Request Workflow: ResourceManagerUpdateProtectedApplicationResource as Initiator.
Direct	Workflow	EmailLostUsername	Initiator	Direct assignment to Request Workflow: EmailLostUsername as Initiator.
Direct	Workflow	AssetAccessRequest	Initiator	Direct assignment to Request Workflow: AssetAccessRequest as Initiator.
Direct	Workflow	AssetAccessRequestSelfService	Initiator	Direct assignment to Request Workflow: AssetAccessRequestSelfService as Initiator.
Direct	Workflow	ResourceManagerAccountUpdate	Initiator	Direct assignment to Request Workflow: ResourceManagerAccountUpdate as Initiator.
Direct	Workflow	ResourceManagerUpdateMailbox	Initiator	Direct assignment to Request Workflow: ResourceManagerUpdateMailbox as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct assignment to Request Workflow: ResourceManagerEditGroup as Initiator.
Direct	Workflow	AddResourceRole	Initiator	Direct assignment to Request Workflow: AddResourceRole as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Request Workflow: Enroll as Initiator.
Direct	Workflow	UpdatePersonGroupMembership	Initiator	Direct assignment to Request Workflow: UpdatePersonGroupMembership as Initiator.
Direct	Workflow	AssetProvisionSelfService	Initiator	Direct assignment to Request Workflow: AssetProvisionSelfService as Initiator.

Self-Service Limited

Grants limited access. Typically includes password self-service.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Global Flyout menu	Viewer	Direct Assignment to Global Flyout Menu as Viewer.
Direct	Control (User Interface)	IT Shop Workflows	Viewer	Direct Assignment to IT Shop Workflows as Viewer.
Direct	Control (User Interface)	SharePoint Claims Picker	Viewer	Direct Assignment to SharePoint Claims Picker as Viewer.
Direct	Pages and Reports	Enrollment Standalone Workflow Page	Viewer	Direct Assignment to Enrollment Standalone Workflow Page as Viewer.
Direct	Pages and Reports	Change Password Standalone Workflow Page	Viewer	Direct Assignment to Change Password Workflow Page as Viewer.
Direct	Workflow	Login	Initiator	Direct Assignment to Login as Initiator.
Direct	Workflow	ResumeWorkflows	Initiator	Direct Assignment to ResumeWorkflows as Initiator.
Direct	Workflow	AuthenticationLevel2OATHLogin	Initiator	Direct Assignment to AuthenticationLevel2OATHLogin as Initiator.
Direct	Workflow	RequestOathToken	Initiator	Direct Assignment to RequestOathToken as Initiator.

SSO Application Developer

Users with this Management Role can create and manage apps and SSO connections.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Shopping Cart	Viewer	Direct Assignment to Shopping Cart as Viewer.
Direct	Pages and Reports	FindProtectedApplicationResourceApplication Page	Viewer	Direct Assignment to FindProtectedApplicationResourceApplication Page as Viewer.
Direct	Pages and Reports	Create Application Page	Viewer	Direct Assignment to Create Application Page as Viewer.
Direct	Pages and Reports	View Group Page	Viewer	Direct Assignment to View Group Page as Viewer.
Direct	Pages and Reports	Create SAML AuthN Request	Viewer	Direct Assignment to Create SAML AuthN Request as Viewer.
Direct	Workflow	CreateApplication	Initiator	Direct Assignment to CreateApplication as Initiator.
Direct	Workflow	EditSAMLSingleSignOn	Initiator	Direct Assignment to EditSAMLSingleSignOn as Initiator.
Direct	Workflow	UpdateApplication	Initiator	Direct Assignment to UpdateApplication as Initiator.
Direct	Workflow	UpdateAssignments	Initiator	Direct Assignment to UpdateAssignments as Initiator.

SSO Apps Full Access

Grants full access to the SSO and vaulted credential workflows and user interfaces to allow a user to sign in to SSO applications.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Control (User Interface)	Shared Credentials Tab	Viewer	Direct Assignment to Shared Credentials Tab as Viewer.
Direct	Pages and Reports	SSO Applications Page	Viewer	Direct Assignment to SSO Applications Page as Viewer.
Direct	Pages and Reports	Saved Credentials Page	Viewer	Direct Assignment to Saved Credentials Page as Viewer.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct Assignment to ClaimSSOAccount as Initiator.
Direct	Workflow	DeleteOwnSSOAccount	Initiator	Direct Assignment to DeleteOwnSSOAccount as Initiator.
Direct	Workflow	UpdatePersonSecrets	Initiator	Direct Assignment to UpdatePersonSecrets as Initiator.
Direct	Workflow	EditFormsSSOCredentials	Initiator	Direct Assignment to EditFormsSSOCredentials as Initiator.
Direct	Workflow	UpdateFormsSSOCredentialSharedPeople	Initiator	Direct Assignment to UpdateFormsSSOCredentialSharedPeople as Initiator.
Direct	Workflow	UpdateExternalCredentials	Initiator	Direct Assignment to UpdateExternalCredentials as Initiator.
Direct	Workflow	UpdateExternalCredentialSharedPeople	Initiator	Direct Assignment to UpdateExternalCredentialSharedPeople as Initiator.
Direct	Workflow	ResetMasterPassword	Initiator	Direct Assignment to ResetMasterPassword as Initiator.

SSO Apps Limited Access

Grants limited access to the SSO and vaulted credential workflows and user interfaces to allow a user to sign in to SSO applications.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Pages and Reports	SSO Applications Page	Viewer	Direct Assignment to SSO Applications Page as Viewer.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct Assignment to ClaimSSOAccount as Initiator.
Direct	Workflow	DeleteOwnSSOAccount	Initiator	Direct Assignment to DeleteOwnSSOAccount as Initiator.
Direct	Workflow	UpdatePersonSecrets	Initiator	Direct Assignment to UpdatePersonSecrets as Initiator.
Direct	Workflow	EditFormsSSOCredentials	Initiator	Direct Assignment to EditFormsSSOCredentials as Initiator.
Direct	Workflow	UpdateFormsSSOCredentialSharedPeople	Initiator	Direct Assignment to UpdateFormsSSOCredentialSharedPeople as Initiator.
Direct	Workflow	ResetMasterPassword	Initiator	Direct Assignment to ResetMasterPassword as Initiator.

SSRS Administrator

Microsoft SQL Server Reporting Services Administrator.

SSRS Developer

Microsoft SQL Server Reporting Services Developer.

SSRS Security Administrator

Microsoft SQL Server Reporting Services Security Administrator.

SSRS Viewer

Microsoft SQL Server Reporting Services View.

Testing Role

This Management Role grants users the ability to see all EmpowerID user interfaces as well as the ability to initiate any workflow.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Scoped At Location	Access Request	N/A	Requestor	Assignment to any Access Request as Requestor scoped at EmpowerID System.
Scoped At Location	Asset Request	N/A	Requestor	Assignment to any Asset Request as Requestor scoped at EmpowerID System.
Scoped At Location	Control (User Interface)	N/A	Viewer	Assignment to any Control (User Interface) as Viewer scoped at EmpowerID System.
Scoped At Location	Pages and Reports	N/A	Viewer	Assignment to any Pages and Reports as Viewer scoped at EmpowerID System.
Scoped At Location	Workflow	N/A	Initiator	Assignment to any Workflow as Initiator scoped at EmpowerID System.
Direct	Control (User Interface)	Global Person Search Box	Viewer	Direct assignment to Global Person Search Box as Viewer.
Direct	Pages and Reports	User Compliance Dashboard	Viewer	Direct assignment to User Compliance Dashboard as Initiator.
Direct	Pages and Reports	Change Password Standalone Workflow	Viewer	Direct assignment to Change Password Standalone Workflow as Initiator.
Direct	Pages and Reports	Enrollment Standalone Workflow	Viewer	Direct assignment to Enrollment Standalone Workflow as Initiator.
Direct	Pages and Reports	IT Shop	Viewer	Direct assignment to IT Shop as Initiator.
Direct	Web Service	LoginService	Executor	Direct assignment to LoginService as Executor.
Direct	Web Service	LoginService.HasRightsToCall	Executor	Direct assignment to LoginService.HasRightsToCall as Executor.
Direct	Web Service	LoginService.RunLoginWorkflow	Executor	Direct assignment to LoginService.RunLoginWorkflow as Executor.
Direct	Workflow	AddRbacResourceRoleAssignment	Initiator	Direct assignment to AddRbacResourceRoleAssignment as Initiator.
Direct	Workflow	AddResourceAttestationComment	Initiator	Direct assignment to AddResourceAttestationComment as Initiator.
Direct	Workflow	AddResourceRole	Initiator	Direct assignment to AddResourceRole as Initiator.
Direct	Workflow	AssetAccessRequest	Initiator	Direct assignment to AssetAccessRequest as Initiator.
Direct	Workflow	AssetAccessRequestSelfService	Initiator	Direct assignment to AssetAccessRequestSelfService as Initiator.
Direct	Workflow	AssetProvisionSelfService	Initiator	Direct assignment to AssetProvisionSelfService as Initiator.
Direct	Workflow	AuthenticationLevel2OATHLogin	Initiator	Direct assignment to AuthenticationLevel2OATHLogin as Initiator.
Direct	Workflow	BulkAddRemoveExchangeMailboxEmailAddresses	Initiator	Direct assignment to BulkAddRemoveExchangeMailboxEmailAddresses as Initiator.
Direct	Workflow	ChangePassword	Initiator	Direct assignment to ChangePassword as Initiator.
Direct	Workflow	ClaimAccount	Initiator	Direct assignment to ClaimAccount as Initiator.
Direct	Workflow	ClaimBusinessProcessTask	Initiator	Direct assignment to ClaimBusinessProcessTask as Initiator.
Direct	Workflow	ClaimPasswordVaultAccount	Initiator	Direct assignment to ClaimPasswordVaultAccount as Initiator.
Direct	Workflow	ClaimResourceAttestation	Initiator	Direct assignment to ClaimResourceAttestation as Initiator.
Direct	Workflow	ClaimSSOAccount	Initiator	Direct assignment to ClaimSSOAccount as Initiator.
Direct	Workflow	CreateAsset	Initiator	Direct assignment to CreateAsset as Initiator.
Direct	Workflow	CreateAssetMailbox	Initiator	Direct assignment to CreateAssetMailbox as Initiator.
Direct	Workflow	CreateGenericAsset	Initiator	Direct assignment to CreateGenericAsset as Initiator.
Direct	Workflow	CreateLaptopAsset	Initiator	Direct assignment to CreateLaptopAsset as Initiator.
Direct	Workflow	CreatePerson	Initiator	Direct assignment to CreatePerson as Initiator.
Direct	Workflow	DeleteOwnSSOAccount	Initiator	Direct assignment to DeleteOwnSSOAccount as Initiator.
Direct	Workflow	EditManagementRoleNoUI	Initiator	Direct assignment to EditManagementRoleNoUI as Initiator.
Direct	Workflow	EditPasswordVaultAccount	Initiator	Direct assignment to EditPasswordVaultAccount as Initiator.
Direct	Workflow	Enroll	Initiator	Direct assignment to Enroll as Initiator.
Direct	Workflow	Enrollment	Initiator	Direct assignment to Enrollment as Initiator.
Direct	Workflow	Login	Initiator	Direct assignment to Login as Initiator.
Direct	Workflow	PasswordResetCenter	Initiator	Direct assignment to PasswordResetCenter as Initiator.
Direct	Workflow	PasswordResetCenterOTP	Initiator	Direct assignment to PasswordResetCenterOTP as Initiator.
Direct	Workflow	PersonEditNonResourceManager	Initiator	Direct assignment to PersonEditNonResourceManager as Initiator.
Direct	Workflow	PersonPhotoApproval	Initiator	Direct assignment to PersonPhotoApproval as Initiator.
Direct	Workflow	ProfileManager	Initiator	Direct assignment to ProfileManager as Initiator.
Direct	Workflow	ProvisionAssetForPerson	Initiator	Direct assignment to ProvisionAssetForPerson as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct assignment to RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	RequestOathToken	Initiator	Direct assignment to RequestOathToken as Initiator.
Direct	Workflow	ResetPasswordVaultAccountPassword	Initiator	Direct assignment to ResetPasswordVaultAccountPassword as Initiator.
Direct	Workflow	ResourceManagerAccountUpdate	Initiator	Direct assignment to ResourceManagerAccountUpdate as Initiator.
Direct	Workflow	ResourceManagerEditGroup	Initiator	Direct assignment to ResourceManagerEditGroup as Initiator.
Direct	Workflow	ResourceManagerUpdateMailbox	Initiator	Direct assignment to ResourceManagerUpdateMailbox as Initiator.
Direct	Workflow	ResourceManagerUpdateProtectedApplicationResource	Initiator	Direct assignment to ResourceManagerUpdateProtectedApplicationResource as Initiator.
Direct	Workflow	ResumeWorkflows	Initiator	Direct assignment to ResumeWorkflows as Initiator.
Direct	Workflow	SelfServiceAccountJoinGroup	Initiator	Direct assignment to SelfServiceAccountJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonJoinGroup	Initiator	Direct assignment to SelfServicePersonJoinGroup as Initiator.
Direct	Workflow	SelfServicePersonLeaveGroup	Initiator	Direct assignment to SelfServicePersonLeaveGroup as Initiator.
Direct	Workflow	SendPersonOneTimePassword	Initiator	Direct assignment to SendPersonOneTimePassword as Initiator.
Direct	Workflow	SetBusinessProcessTaskDelegate	Initiator	Direct assignment to SetBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	SubmitSingleAttestationResponse	Initiator	Direct assignment to SubmitSingleAttestationResponse as Initiator.
Direct	Workflow	SubmitSingleSodViolationResponse	Initiator	Direct assignment to SubmitSingleSodViolationResponse as Initiator.
Direct	Workflow	TerminateWorkflow	Initiator	Direct assignment to TerminateWorkflow as Initiator.
Direct	Workflow	UnclaimBusinessProcessTask	Initiator	Direct assignment to UnclaimBusinessProcessTask as Initiator.
Direct	Workflow	UnclaimResourceAttestation	Initiator	Direct assignment to UnclaimResourceAttestation as Initiator.
Direct	Workflow	UnclaimSSOAccount	Initiator	Direct assignment to UnclaimSSOAccount as Initiator.
Direct	Workflow	UnenrollPerson	Initiator	Direct assignment to UnenrollPerson as Initiator.
Direct	Workflow	UpdateAccountGroupMembership	Initiator	Direct assignment to UpdateAccountGroupMembership as Initiator.
Direct	Workflow	UpdateAssignments	Initiator	Direct assignment to UpdateAssignments as Initiator.
Direct	Workflow	UpdateDirectAssignmentTimeConstraint	Initiator	Direct assignment to UpdateDirectAssignmentTimeConstraint as Initiator.
Direct	Workflow	UpdateGroupAccountAssignment	Initiator	Direct assignment to UpdateGroupAccountAssignment as Initiator.
Direct	Workflow	UpdateGroupMemberGroups	Initiator	Direct assignment to UpdateGroupMemberGroups as Initiator.
Direct	Workflow	UpdateManagementRoleAssignments	Initiator	Direct assignment to UpdateManagementRoleAssignments as Initiator.
Direct	Workflow	UpdatePersonAccounts	Initiator	Direct assignment to UpdatePersonAccounts as Initiator.
Direct	Workflow	UpdatePersonAssets	Initiator	Direct assignment to UpdatePersonAssets as Initiator.
Direct	Workflow	UpdatePersonBusinessRoles	Initiator	Direct assignment to UpdatePersonBusinessRoles as Initiator.
Direct	Workflow	UpdatePersonDirectAssignment	Initiator	Direct assignment to UpdatePersonDirectAssignment as Initiator.
Direct	Workflow	UpdatePersonGroupMembership	Initiator	Direct assignment to UpdatePersonGroupMembership as Initiator.
Direct	Workflow	UpdatePersonManagementRoleAssignments	Initiator	Direct assignment to UpdatePersonManagementRoleAssignments as Initiator.
Direct	Workflow	UpdatePersonManagementRoles	Initiator	Direct assignment to UpdatePersonManagementRoles as Initiator.
Direct	Workflow	UpdatePersonRelationships	Initiator	Direct assignment to UpdatePersonRelationships as Initiator.
Direct	Workflow	UpdateResourceAssignments	Initiator	Direct assignment to UpdateResourceAssignments as Initiator.
Direct	Workflow	UpdateResourceAssignmentsByResource	Initiator	Direct assignment to UpdateResourceAssignmentsByResource as Initiator.
Direct	Workflow	UpdateResourceLocations	Initiator	Direct assignment to UpdateResourceLocations as Initiator.
Direct	Workflow	UpdateResourceTags	Initiator	Direct assignment to UpdateResourceTags as Initiator.
Direct	Workflow	ViewPerson	Initiator	Direct assignment to ViewPerson as Initiator.

Workflow Task Participant Full Access

Grants full access to the business process task workflows and user interfaces.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Pages and Reports	Request Center Tasks To Do	Viewer	Direct Assignment to Request Center Tasks To Do as Viewer.
Direct	Pages and Reports	Request Center Tasks Done	Viewer	Direct Assignment to Request Center Tasks Done as Viewer.
Direct	Pages and Reports	Request Center Requests My Open	Viewer	Direct Assignment to Request Center Requests My Open as Viewer.
Direct	Pages and Reports	Request Center Requests My Complete	Viewer	Direct Assignment to Request Center Requests My Complete as Viewer.
Direct	Pages and Reports	Request Center Tasks My Reports	Viewer	Direct Assignment to Request Center Tasks My Reports as Viewer.
Direct	Pages and Reports	Request Center Tasks All	Viewer	Direct Assignment to Request Center Tasks All as Viewer.
Direct	Pages and Reports	Activity Stream	Viewer	Direct Assignment to Activity Stream as Viewer.
Direct	Workflow	TerminateWorkflow	Initiator	Direct Assignment to TerminateWorkflow as Initiator.
Direct	Workflow	ResumeWorkflows	Initiator	Direct Assignment to ResurmeWorkflows as Initiator.
Direct	Workflow	AddCommentToTask	Initiator	Direct Assignment to AddCommentToTask as Initiator.
Direct	Workflow	SetBusinessProcessTaskDelegate	Initiator	Direct Assignment to SetBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	ClaimBusinessProcessTask	Initiator	Direct Assignment to ClaimBusinessProcessTask as Initiator.
Direct	Workflow	UnClaimBusinessProcessTask	Initiator	Direct Assignment to UnClaimBusinessProcessTask as Initiator.
Direct	Workflow	AddBusinessProcessTaskComment	Initiator	Direct Assignment to AddBusinessProcessTaskComment as Initiator.

Workflow Task Participant Limited Access

Grants limited access to the business process task workflows and user interfaces.

Assignment Type	Resource Type	Resource	Access Level	Assignment Description
Direct	Pages and Reports	Request Center Tasks To Do	Viewer	Direct Assignment to Request Center Tasks To Do as Viewer.
Direct	Pages and Reports	Request Center Tasks Done	Viewer	Direct Assignment to Request Center Tasks Done as Viewer.
Direct	Pages and Reports	Request Center Requests My Open	Viewer	Direct Assignment to Request Center Requests My Open as Viewer.
Direct	Pages and Reports	Request Center Requests My Complete	Viewer	Direct Assignment to Request Center Requests My Complete as Viewer.
Direct	Pages and Reports	Activity Stream	Viewer	Direct Assignment to Activity Stream as Viewer.
Direct	Workflow	TerminateWorkflow	Initiator	Direct Assignment to TerminateWorkflow as Initiator.
Direct	Workflow	ResumeWorkflows	Initiator	Direct Assignment to ResurmeWorkflows as Initiator.
Direct	Workflow	AddCommentToTask	Initiator	Direct Assignment to AddCommentToTask as Initiator.
Direct	Workflow	RemoveBusinessProcessTaskDelegate	Initiator	Direct Assignment to RemoveBusinessProcessTaskDelegate as Initiator.
Direct	Workflow	AddBusinessProcessTaskComment	Initiator	Direct Assignment to AddBusinessProcessTaskComment as Initiator.

Related Topics
Concepts:
- Understanding EmpowerID RBAC
Administrative Procedures:

Shipping Management Roles

Concepts:

Administrative Procedures: