Create a New Entitlement Role

If This is Your First Time Creating New Roles:

We recommend taking a quick moment to consider the following before you begin creating new roles:

  • When first starting out, we recommend starting very broadly. For example, many clients will start by creating roles that will capture the largest number of employees such as Loan Officers or Tellers, and then - over time - gradually work toward roles that are more specific such as "Remote Access" or "Teller Supervisors", and so on.

    NOTE: Entitlement Roles are critical if you are using the Operations module within Permission Assist; they'll be used to determine which applications and permissions people are given if they are hired, if they transition to a new role, and so on. We recommend planning to spend a little more time up front to ensure your roles are set up to the level of granularity that will make these processes accurate and efficient.

  • Change happens - you might replace outdated systems, vendors may introduce new modules and permissions to existing applications, job responsibilities may evolve, or you may add new applications into Permission Assist. Deciding how often you want to update entitlement roles and who will be maintaining the role can help to streamline the process. 

 

To create a new Entitlement Role, complete the following steps:

From the Entitlement Roles list, select the Create Role button near the top right corner of the page (see example below).

The Creating an Entitlement Role page is displayed and Permission Assist walks you through a series of questions to help you create the role. Refer to the sections below for more information about each step.

 

Name

Question/Option

Description
Enter a short, easily understood, display name.

Allows you to enter a short name for the Entitlement Role.

After entering a name, select the Continue button to proceed to the next step, "Describe".

 

Describe

Question/Option

Description
Briefly explain what access the role provides.

This area allows you to enter a longer more descriptive explanation of what the entitlement role is, who it includes, or the access it defines.

After entering a description, select the Continue button to proceed to the next step, "Owner".

 

Owner

Question/Option

Description
Who will be managing this role?

Within Permission Assist, an Entitlement Role Owner may not always be the one making decisions about every application within the role, but they are the person ultimately responsible for making sure the Entitlement Role is set up and properly managed. For example, the owner may have application owners or a "role committee" decide which permissions are allowed or denied for each application. In these cases, the Entitlement Role Owner would still oversee the process and make sure the roles are properly defined, committed, and enabled within Permission Assist.

Select this field and pick an owner from the list.

After picking the owner, select the Continue button to proceed to the next step, "Enrollment".

 

Enrollment

Question/Option

Description
Define the conditions that an identity must match to be part of this role.

This area allows you to determine how the conditions will be defined. Select one of the following options:

Option Description
Create from Scratch

If this option is selected, the Entitlement Role won't have any existing conditions - you'll define each of the conditions that will determine who is enrolled.

After selecting this option, select the Continue button. A new area appears, allowing you to define the conditions of the role (see example below).

To add new conditions, complete the following steps:

  1. By default, Identities will be automatically enrolled when the conditions are met. If you'd like to approve Identities to be optionally enrolled based on the conditions, select the automatically enrolled field and pick approved for optional enrollment.

  2. Select a condition option (Company, Division, Title, Department, etc). This will determine which conditions must be met for Identities to be enrolled. For example, if the "Title" option is selected, Identities will be enrolled based on whether their job title matches the selected job title(s).

  3. Select Go. A new criteria area is displayed (see picture below).

  4. Select the Click to select ... field and pick a criteria option from the list.

    TIPS:

    • If the criteria doesn't already exist, type a new one (and verify spelling is accurate).

    • You can add multiple criteria (for example, if you're creating a job title condition, you can add more than one job title). If multiple criteria of the same type are entered, an Identity would need to match both to be enrolled in the Entitlement Role.

  5. To add additional conditions, select the button. Then repeat steps 2 through 4.

  6. When all conditions have been added, select the Continue button to proceed to the next step, "Recommend".
Mirror an Identity

Select this option is you want Permission Assist to create a set of conditions based on an existing Identity.

After selecting this option, complete the following steps:

  1. Select the Continue button. The "Choose an identity..." field appears.

  2. Select the Identity that will be used to define the conditions of the new role.

  3. Select the Continue button. A new area appears, showing the conditions of the role which were created based on the selected Identity (see example below).

  4. Add, change, or remove conditions as needed.

  5. When all conditions have been added, select the Continue button to proceed to the next step, "Recommend".
Copy an Existing Role

When selecting this option, Permission Assist will create a new role with the exact same conditions as an Entitlement Role that already exists.

After selecting this option, complete the following steps:

  1. Select the Continue button. The "Choose an existing role..." field appears.

  2. Select the existing role that will be used to define the conditions of the new role.

  3. Select the Continue button. A new area appears, showing the conditions of the new role which were created based on the selected role (see example below).

  4. Add, change, or remove conditions as needed.

  5. When all conditions have been added, select the Continue button to proceed to the next step, "Recommend".

 

Recommend

Question/Option

Description
Do you want Permission Assist to automatically recommend ideal access?

Select one of the following options:

Option Description
Yes

Select this option if you want Permission Assist to make recommendations about which applications and permissions should be allowed based on usage.

No Select this option if you want to start with a clean slate. When this option is selected, you'll need to add applications and allow permissions manually. Selecting this option is helpful when you've already defined ideal access and want to reflect that within Permission Assist.

After making a selection, select the Continue button to proceed to the next step, "Submit".

 

Submit

When all steps have been completed, select the Submit button on the right side of the page to create the new role based on the information entered.

After the role is created, you can add applications, allow or deny privileges, change settings, or manually enroll people to the role if needed. 

When the role is ready to be used for personnel events and within reviews, enable it