Setting up ACRs and ACRMs
An ACRM (Access Control Manager) and ACR(Access Control Representative) are the designated roles in CONNECT that manage and are responsible for access group assignment. They approve and deny access requests alongside being responsible for performing the audits on the access that is assigned.
The ACRM and ACR work in a hierarchical manner where the ACRM can have zero, one, or multiple ACRs underneath them. An ACRM can assign an ACR access groups that the ACRM owns, allowing the ACR to assist in managing the access group.
Note
The identity that approves the access will own the access and be directly responsible for handling the audits, until the access is transferred to another identity.
Setting up an ACRM
To assign an identity the role of ACRM a user must have either the CONNECT Admin or ACR Administrator rights/permissions. Any identity that holds those rights/permissions can log in and perform the following steps:
Go to the CONNECT tab.
Select the Configuration tab.
On the Configuration page, select the Roles section.
On the Role Management page, select the identity/user that requires the ACRM role assigning to them.
On the Role Manager page, click the Grant button on the Access Control Manager(ACRM) section.
Once the permission has been granted, a green border will show around the Access Control Manager(ACRM) section.
The user will then automatically be taken to the edit ACRM page, or this can be navigated to by selecting the Manage button on the user profile as shown in the image above. The user can then assign all desired access groups by starting to type the name of a Access Group in the Choose one or more access groups box and selecting it from the resultant dropdown list. Once all desired Access groups are selected click the Add button.
Bulk Edit
If a large number of access groups need to be assigned at once, use the Bulk Edit feature. This will allow the ability to select multiple or all access groups and assign in one click. This can be achieved by:
Click the Bulk Edit button on the Edit ACRM screen.
Select the access groups that are required to be assigned individually, or click the check box next to ACCESS GROUP Name to select all.
Once all the desired access groups are selected, click the Add button.
Note
You can cancel at any point by clicking the Go Back button.
Setting up an ACR
Once there is an an identity created and set up as an ACRM, the user is able to assign an identity to be an ACR underneath the ACRM role identity. This can also be done via the Edit ACRM screen, and must still be done by an identity that holds either the CONNECT Admin or ACR Administrator role.
To assign an identity as an ACR:
Go to the CONNECT tab.
Select Configuration tab.
On the Configuration page, select the Roles section.
On the Role Management page, select the identity/user that requires the ACR being added to them.
Note
Must be an identity/user that holds either the CONNECT Admin or ACRM (Access Control Manager) role.
On the Role Manager screen, the Access Control Manager (ACRM) item will now be green and the Grant button will now display as Manage. Click the Manage button.
On the Edit ACRM screen you can use the drop down on the left side to add an ACR under the selected ACRM. Start typing in the Identity's / User's name, select the Identity from the resultant dropdown list and select the Add button.
Note
All Identities on the CONNECT database should be selectable but some may appear greyed-out if they are already ACRs.
Note
Multiple identities/users can be added at this stage if required.
Once added the identity/user will be displayed under the ACRM, in the ACR List.
Edit the drop down field on the ACR record to assign any of the access groups owned by the ACRM to the ACR. Multiple selections can be made within this field.
Note
The Add All button will bulk add all the access groups that the ACRM already has assigned to them.
