30. Full AccessMailbox Supervisor Resource Roles are convenient bundles of Rights and Operations specific for a type of resource and are used for delegation. Rights are permissions used in an external system that can be managed by EmpowerID. Operations are code-based actions protected by EmpowerID (usually in workflows). 8
31. Access In EmpowerIDAll assignments types result in matching a Person to a Resource Role Resource: Mailbox Send On Behalf Assigned To Resource Role Send As Person Full Access All permissions management in EmpowerID occurs by some time of assignment that results in a Person being granted a Resource Role for a Resource.
52. …IT Helpdesk Management Roles are job or responsibility-based bundles of Resource Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities. 10
70. …IT Helpdesk (North America) Management Roles are job or responsibility-based bundles of Resource Roles and Resource Type Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities. 11
71. Management Role InheritanceManagement Roles inherit Resource Roles assigned to their definitions IT Helpdesk Management Role Definition IT Helpdesk (North America) Management Roles (Children) IT Helpdesk (Asia) IT Helpdesk (Europe) Management Roles inherit Resource Role assignments from their definition and then include any assignments to the Management Role itself. The inheritance can only be 1 level deep from a definition to a Management Role. Management Roles cannot be children of other Management Roles or have more than 1 parent.
73. Management Role OverviewManagement Roles inherit Resource Roles assigned to their definitions Management Role Definition IT Helpdesk (North America) IT Helpdesk (Asia) IT Helpdesk (Europe)
74. LocationsRepresent Logical and Actual Directory Hierarchies Physical “Mapped” Trees Logical Trees Inheritance of Delegations Location of a Resource EmpowerID supports both Logical and Physical trees within a single Location tree structure. Resources belong to their physical Location implicitly and can be assigned to any number of logical Locations to scope delegation assignments.
75. Resource Role AssignmentsResource Role assignments are “scoped” by resource Location Assignment Scope Resource Role Assignee Recipient Admin I Delegations Recipient Admin II John Smith Resource Role assignments are limited or “scoped” by assigning the Resource Role only for Resources in or below a specific EmpowerID Location.
76. Assignees and ScopesResource Roles Assignees and Scope Options Assignment Scope Resource Role Assignee Conference Room1 Mailbox Supervisor Single Resource John Smith Recipient Admin II Domain A: “Helpdesk Admins” group Location showing inheritance Recipient Admin II EmpowerID Business Role: Helpdesk Employees in Sydney Resource Role Assignments can be made to specific People, to Groups, or to EmpowerID Business Role / Locations. In each case, any Person matching the criteria will receive the delegations specified by the Resource Role for all resources within the scope of the delegation.