16.4 Authorizing User Access Through Business Roles

Membership policy determines which users are members of a business role. Membership policy can include membership expressions, membership policy from other business roles, user or group inclusion lists, and user or group exclusion lists. Regardless of how users become members of a role (matching a membership expression, explicitly included, and so forth), they are authorized to have the resources specified in the business role for as long as they are members of the business role.

NOTE: Business role authorization of a resource (permission, technical role, or application) for a user is independent of assigning the resource to the user. For example, the business role might authorize a user to have a permission, but Identity Governance might not have assigned the permission. Similarly, Identity Governance might have assigned a permission, but the business role might not authorize the permission.
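The following added example is a simplified model, not Identity Governance code or its API. It evaluates a membership policy and then compares what business roles authorize with what is assigned, surfacing both mismatches the note describes. All class, function, and field names are hypothetical. It assumes that exclusion lists take precedence over every other way of becoming a member, which this section does not state.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class BusinessRole:  # hypothetical model of a business role and its membership policy
    name: str
    resources: set  # permissions, technical roles, applications the role authorizes
    expression: Callable[[dict], bool] = lambda u: False  # membership expression
    include_users: set = field(default_factory=set)
    include_groups: set = field(default_factory=set)
    exclude_users: set = field(default_factory=set)
    exclude_groups: set = field(default_factory=set)
    inherit_from: list = field(default_factory=list)  # membership policy of other roles

def is_member(role, user):
    # Assumption: an exclusion overrides inclusion lists, expressions and inherited policy.
    if user["id"] in role.exclude_users or user["groups"] & role.exclude_groups:
        return False
    if user["id"] in role.include_users or user["groups"] & role.include_groups:
        return True
    return role.expression(user) or any(is_member(r, user) for r in role.inherit_from)

def authorized(roles, user):
    # Authorization follows membership only; how the user became a member is irrelevant.
    return set().union(*(r.resources for r in roles if is_member(r, user)))

def reconcile(roles, user, assigned):
    # Authorization and assignment are independent, so report the gap in both directions.
    auth = authorized(roles, user)
    return {"authorized_not_assigned": auth - assigned,
            "assigned_not_authorized": assigned - auth}

# Constructed sample data: two roles and two users.
SALES = BusinessRole("Sales", {"crm:read", "crm:write"},
                     expression=lambda u: u["dept"] == "sales", exclude_users={"bob"})
FIELD_STAFF = BusinessRole("Field Staff", {"vpn"}, inherit_from=[SALES])
ROLES = [SALES, FIELD_STAFF]
ALICE = {"id": "alice", "dept": "sales", "groups": set()}
BOB = {"id": "bob", "dept": "sales", "groups": set()}

if __name__ == "__main__":
    print(reconcile(ROLES, ALICE, assigned={"crm:read", "payroll:read"}))
    print(reconcile(ROLES, BOB, assigned={"crm:read"}))
```

In an access review, the `assigned_not_authorized` set is the one to examine first, because it lists access a user holds that no business role membership justifies.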