When you execute a campaign run, EmpowerID creates candidate roles based on how you configured the owing campaign and the campaign run. The goal of this process is to publish the resulting candidate roles into Management Roles. In order to do so, you should review the candidates, select those you wish to keep, discard those you don't (if any) and then publish those candidate roles. When you publish a candidate, EmpowerID creates a Management Role for it that contains the users and entitlements the campaign run produced.
To publish candidate roles
From the Navigation Sidebar, navigate to the Role Mining Campaign page by expanding Role Mining and clicking Role Mining Campaign.
From the Role Mining Campaign page, click the Runs tab and search for the run you want to analyze.
From the grid, click the Display Name link for the run.
From the Role Mining Campaign Details page for the campaign that appears, click the Rolestab. You should see a list of roles generated by the run as well as an Access Matrix.
Select a specific role from the roles grid. You should see that the smaller map on the Access Matrix updates to show the entitlements for the selected role. The entitlements will be color-coded to match the color shown for the run in the Display Name field
Click the arrow above the Role grid to collapse the grid. Doing so enlarges the Access Matrix.
On the map, drag the Viewer control to the color-coded area. You should see the specific users and their access in the matrix.
Selecting a column highlights the specific group and group members.
Click through each of the tabs to view the related data for the candidate.
If you have more than one role returned by the run, selecting multiple roles allow you to compare the similarities and differences between those roles. If you find that two roles are similar, you can chose to publish only one.
If you have previously published a role, you can determine if the candidate role is too similar to be published.
Add a comment to the runs you decide to keep and those you decide to discard. This can be helpful later when reviewing why you made the decision. To do so, click the Edit button for the run in the Roles grid, enter and save your comments.
After selecting the roles you want to publish, you can discover the people and entitlements that will be included in the published Management Role by clicking the Discover button under Discovered People and Discovered Entitlements. When doing so, you can refine percentage used for discovering by setting the % Match value. The default match is 80%, which means that all people with a greater than 80% match are automatically flagged for inclusion.
Discover looks at all people in the EmpowerID Identity Warehouse, while discover on the Entitlements tab looks at all group memberships.
Review the discovered people and entitlements and, if desired, deselect any that you do not want to include in the role.
When ready to publish a candidate role, ensure you have selected it from the Roles grid and then click either the Publish as Management Role or Publish as Business Role and Location button, depending on how you want the role to be used.
Publish as Management Role - Publishes the candidate role as a Management Role. Assigns people and entitlements to the Management Role.
Select the role you want to publish (tick the record for the role in the Roles grid) and then click the Create as Management Role button.
Publish as Business Role and Location - Publishes the entitlements to a new Management Role. Assigns the people to a selected Business Role and Location (BRL). Each person in the BRL maps as members of the Management Role.
Select the role you want to publish (tick the record for the role in the Roles grid) and then click the Create as Business Role button.
In the Business Role and Location section of the Publish Candidate Role form that appears click the Select a Role and Location link and then do the following in the Role and Location Selector that appears:
Type the name of the Business Role in the Business Role field and then click the node for the that role.
Click the Location tab.
Type the name of the Location in the Location field and then click the node for the that location.
Click the Select button to close the Role and Location selector.
Review the people in the candidate role. If you wish to exclude a person from the role, select Exclude People above the People in the Role section and then select the appropriate people.
Review the entitlements in the candidate role. If you wish to exclude an entitlement (group) from the role, select Exclude Entitlements above the Entitlements Covered by the Candidate Role section and then select the appropriate entitlements.