Entitlements Tab
The Entitlements tab displays available entitlements to map to new and current categories. If entitlements do not exist, the right interface section will appear grayed and inaccessible.
Entitlement contain four subtabs allowing administrators to create, remove, and edit Workflow module entitlements.
The Entitlements tab interface may appear blank, initially. To add a new classification, click the plus icon.
 |
For each newly created entitlement, RapidIdentity Portal requires administrators to name and select the appropriate binding. The available binding choices are:
SINGLE: one instance per user
MULTI_BOUND: multiple instances per user
MULTI_UNBOUND: multiple instances per user, non-binding
COMPOSITE: one instance per user
Composite entitlements function as a group of SINGLE binding entitlements
After selecting a binding and clicking Create, the binding is fixed.
If an error occurs, the entitlement must be removed completely with the minus icon, and the process to create a new entitlement must start over.
Once the name and binding fields are selected, the new entitlement will display in the left interface, and four additional subtabs will display on the right interface. The binding determines additional subtab availability.
Each entitlement will have a fixed ID that is unique within RapidIdentity Portal. The remaining entitlement fields are editable, including the entitlement name, to suit the organization's needs.
 |
Entitlements General subtab Fields
Field Name | Description |
|---|---|
Name | Descriptive display name for the category. |
Description | Description of the category. |
Status | Active or Inactive. |
Icon | Icon to associate with the entitlement when it is displayed in the UI. This can be an icon in the icon list or any HTTP location. |
Enable RBAC | Enables or disables Role Based Access Control. |
Role(s) | Only members of the specified roles will have access to this Entitlement. |
Role Exclusion ACL | Only non-members of the specified Role(s) will have access to this Entitlement. |
Enable ABAC | Enables or disables Attribute Based Access Control |
Filter ACL | Only users matching the specified LDAP attribute will have access to this Entitlement. |
Entitlement Owner | Entitlement owners can be individual persons or a predefined Role(s). When a Role is used to own an entitlement, all members of that Role own the entitlement. |
Priority | Orders this resource on the dashboard and requests tab. A priority of -1 gives it no special ordering. 1 is the top priority and is listed first. |
Expiration | Administrators can choose to have entitlements never expire, expire a selected time from now, or on a selected date. Click the desired option and, if selecting days or date, click the listed value to configure. |
Time-based | The entitlement expires a selectable time (years, months, weeks, days, hours, minutes) from now. |
Campaign-based | The entitlement expires on the selected date every year. |
Force Expiration | Administrators can force entitlement expiration to occur on a selectable time (years, months, weeks, days, hours, minutes) from now or on a selectable date, similar to time- and campaign-based expiration. |
Disable certification and extension | When checked, the entitlement can neither be certified nor extended. |
May not be requested in the UI | When checked, the entitlement will not display to users in the Requests tab when the entitlement is neither granted nor revoked. If the box is checked and the entitlement is in the process of being granted, the entitlement displays in the Requests tab. |
Grant Workflow | The Workflow Definition to use when the Entitlement is being granted. |
Grant Workflow Form | If the Grant Workflow has forms defined, you may pick a form that should be used for the Entitlement grant process. |
Revoke Workflow | The Workflow Definition to use when the Entitlement is being revoked. If not chosen, it defaults to the Grant Workflow. This option is not available for MULTI_UNBOUND Entitlements since those are not revokable. |
Revoke Workflow Form | If the Revoke Workflow has forms defined, pick a form that should be used for the Entitlement revoke process. This option is not available for MULTI_UNBOUND Entitlements since those are not revokable. |
Data Classification | The Data Classification associated with the Entitlement. |