Administrators use the following controls to provision access through the delegation model:
Delegation: Administrators provision access to users and groups by assigning a role, which has specified permissions in the context of an ActiveView that provides the scope.
ActiveViews: An ActiveView represents a specific scope of managed objects which are defined by one or more rules. Managed objects identified by each rule in an ActiveView are aggregated together into a unified scope.
ActiveView Rule: Rules are defined by expressions that match a set of managed objects based on a number of conditions such as object type, location, name, and so forth.
Roles: A role represents a specific set of powers (permissions) required to perform a specific administration function. DRA provides a number of built-in roles for common business functions, and you can define custom roles that best fit your organization’s needs.
Powers: A power defines a specific permission for tasks supported by the managed object such as view, modify, create, delete, and so forth. Permissions around modification of a managed object can be further broken down to the specific properties that can be changed. DRA provides an extensive list of built-in powers for supported managed objects and can define custom powers to extend what can be provisioned through the delegation model.