An ACRM(Access Control Resource Manager) and ACR(Access Control Resource) are the designated roles in CONNECT that manage and are responsible for access group assignment. They approve and deny access requests as well as are responsible for performing the audits on the access that they assign.
The ACRM and ACR work in a hierarchal manner. When the ACRM can have zero, one, or multiple ACRs underneath them. An ACRM can assign an ACR access groups that the ACRM owns, allowing the ACR to assist in managing the access group.
The identity that approves the access will own the access and be directly responsible for handling the audits, until the access is transferred to another identity.
To assign an identity the role of ACRM a user must hold either the CONNECT Admin or ACRM Admin role. Any identity that holds that role can log in and perform the following steps:
If a large number of access groups need to be assigned at once, you can use the Bulk Edit feature. This will allow you to select multiple or all access group and assign in one click. This can be done by:
You can cancel at any point by click the Go Back button.
Once you have an identity set up and an ACRM you can assign an identity to be an ACR underneath them. This can also be done via the Edit ACRM screen, and must still be done by an identity that holds either the CONNECT Admin or ACRM Admin role.
To assign an identity as an ACR:
To assign all the access groups own by the ACRM to the ACR you can use the Add All button