Access Management in an Enterprise environment

Access Request Sites are local-only objects, meaning they can only reside on a single SAS or the MAS. The rules for selecting personnel and partitions are based on whether the Access Request Site is on a MAS or a SAS, and the security access object:

• If the Access Request Site is on a MAS:
  • In the Requesters tab, you can assign personnel and partitions from the MAS and any SAS.
  • In the Clearances tab, you can only assign global clearances and global partitions.
  • In the Personnel tab, you can only assign global personnel and global partitions
• If the Access Request Site is on a SAS:
  • In the Requesters tab, you can assign global partitions and global personnel, as well as partitions and personnel local to the SAS.
  • In the Clearances tab, you can only assign partitions and clearances local to the SAS.
  • In the Personnel tab, you can assign global partitions and partitions local to the SAS.

In the Access Management web portal, actions associated with requests created on a SAS can be carried out on the same requests on a MAS. This means that if a user is logged into the Access Management web portal on a MAS, the user can complete the same actions on the MAS on SAS-owned requests.

If you edit an approval rule in the Approvals tab using the Clearance editor on the MAS, and the approval rule is owned by a SAS, both MAS and SAS versions of the Clearance will reflect the change.

All actions associated with a document in the Access Management web portal on a SAS can sync to a MAS, but cannot sync from a MAS to a SAS. This means that the document is available for viewing from the MAS in cases where the SAS is offline.