Introduction

Many organizations face complex challenges in access management. As organizations grow, they encounter more tools, higher employee turnover, and increasingly decentralized working structures, all of which amplify these challenges. One effective strategy to address these issues is to involve business owners and data owners in the access management process. The CoreOne Suite Organization Unit Permission Manager is a powerful tool designed to facilitate this approach.

Assigning a role to a Core Identity within the context of an organization unit grants the user the following permissions.

This role is intended to work with roles based on the catalog logic. The role is not intended to work with resources.

Data Access Permissions

Entity	Permission	Context	Description

Entity	Permission	Context	Description
Core Identity	Read	The assigned organization unit and organization units below	Read Core Identities who have a valid employment to the organization unit assigned in the context (or below).
Roles	Read	None	Read roles who he has the assign right to and the employee has receive rights to (via catalog logic)
Role Assignments	Create / Read / Update / Delete	None	He can create, update, read and delete role assignments for those Core Identities, based on the catalog logic. That means, he won't see role assignments of roles, where he does not have the assign rights to.
Organization Unit	Read	None	He can read the organization unit of the context

View Permissions

View	Description

View	Description
My CoWorkers	Gives view access to the My CoWorkers view
Core Identity Detail Page	Can see the details of the Core Identity and the following tabs
Assignment Tab - Roles	Lists all role assignments of the Core Identity
Assignment Tab - Roles - Create	Add new role assignments based on the catalog logi
Assignment Tab - Roles - Role Assignment Detail	Can view the details of the role assignment