Setting up ACRs and ACRMs

ACRMs vs ACRs

An ACRM(Access Control Resource Manager) and ACR(Access Control Resource) are the designated roles in CONNECT that manage and are responsible for access group assignment. They approve and deny access requests as well as are responsible for performing the audits on the access that they assign.

The ACRM and ACR work in a hierarchal manner. When the ACRM can have zero, one, or multiple ACRs underneath them. An ACRM can assign an ACR access groups that the ACRM owns, allowing the ACR to assist in managing the access group.

The identity that approves the access will own the access and be directly responsible for handling the audits, until the access is transferred to another identity.

Setting up an ACRM

To assign an identity the role of ACRM a user must hold either the CONNECT Admin or ACRM Admin role. Any identity that holds that role can log in and perform the following steps:

  1. Go to the CONNECT tab
  2. In CONNECT, select Configuration tab
  3. On the Configuration page, select Roles item
  4. On the Role Management page, select the identity you want assign the ACRM role too
  5. On the Role Manager page, click the Grant button on the Access Control Manager(ACRM) option.
  6. On the Edit ACRM page, you can assign access groups by using the drop down on the right. Type in the name of the access group and select it. Once all Access groups are selected click Add

Bulk Edit

If a large number of access groups need to be assigned at once, you can use the Bulk Edit feature. This will allow you to select multiple or all access group and assign in one click. This can be done by:

  1. Click the Bulk Edit button on the Edit ACRM screen.
  2. Select the access groups that you want to assign, or click the check box next to ACCESS GROUP Name to select all.
  3. Once all access groups are selected, click Add

You can cancel at any point by click the Go Back button.

Setting up an ACR

Once you have an identity set up and an ACRM you can assign an identity to be an ACR underneath them. This can also be done via the Edit ACRM screen, and must still be done by an identity that holds either the CONNECT Admin or ACRM Admin role.

To assign an identity as an ACR:

  1. Go to the CONNECT tab
  2. In CONNECT, select Configuration tab
  3. On the Configuration page, select Roles item
  4. On the Role Management page, select the identity you want to add an ACR too.
  5. On the Role Manager screen, the Access Control Manager (ACRM) item will now be green and the Grant button will not display as Manage. Click the Manage button.
  6. On the Edit ACRM screen you can use the drop down on the left side to add an ACR under the selected ACRM. Type in the identities name and select Add
  7. Once added the identity will be displayed under the ACRM, in the ACR List
  8. You can not use the drop down on the ACR record to assign any of the access groups owned by the ACRM to the ACR.

To assign all the access groups own by the ACRM to the ACR you can use the Add All button