This has been one of the key and important features in Identity Governance and Intelligence (called IGI here onwards), which if used effectively can avoid confusion and avoid duplicate workflows to the end users.
This blog intends to share, some of the basics of scope management in IGI. For the purpose of this blog, IGI 5.2.5.1 has been used.
In this part, we will focus on IGI Administrator Role scoping.
IGI Administrator roles are used to manage user accesses on different IGI functionalities. Adding scopes to the administrator role helps in controlling the visibility for the user within the IGI functionality. That way, end user can see what is relevant for the logged in user and what he is entitled to work on.
The following link shows a list of scopes available for the IGI Administrator role.
https://www.ibm.com/support/knowledgecenter/en/SSGHJR_5.2.5/com.ibm.igi.doc/CrossIdeas_Topics/AGC/AdminRole_Scope.html
- Go to IGI Admin console -> Access Governance Core -> Configure -> Admin Roles. Select a role you want to scope. In the below example, you see Application scope has been defined for the selected role.
- Next, when admin assign an IGI administrator role he/she will be asked to assign an application (which is set as scope for the role) for the user.
- Now, when newly added user logs in to the IGI Service Center, he/she will see functionalities related to the assigned IGI administrator roles, but with the restricted visibility based on the defined scope. For an example, if user has two IGI Administration roles say, Employee and Application manager. He/she will see functionalities related to both roles but for Application Manager the functionality will be restricted to the scoped applications only.
- IGI have some default functionality assigned to these given IGI Administrator role as well as IGI Admin can add / few define some custom functionality like approval for a specific activity / custom reports and dashboards. I will be covering those specific configurations for different activities in comping up blogs.