11.0 Creating and Managing Roles

A role defines a set of permissions related to one or more target systems or applications. For example, a user administrator role might be authorized to reset a user's password, while a system administrator role might have the ability to assign a user to a specific server.

Both the Catalog Administrator and User Application allow you to create roles, establish a role hierarchy, define role relationships, and perform administrative actions on the roles. When creating a role, you must not include the following characters in the Name and Description of the role: < > , ; \ " + # = / | & *

In Catalog Administrator, you can modify all role parameters except Role Level and Subcontainers. Once you have defined a role, you cannot change its level. To change the level, you must delete the role and create it again. With Catalog Administrator, you can select multiple roles for modify and delete operations.
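The two rules above (forbidden characters in Name and Description, and a level that cannot be edited in place) can be checked before a batch of role changes is applied. The following is an added example, not part of the product or its documentation; the role ids, field names, level labels and plan format are assumptions made for illustration.

```python
# Added example. The dict layout, role ids and level labels ("A", "B") are
# hypothetical; only the two rules being enforced come from the text above.
FORBIDDEN = set('<>,;\\"+#=/|&*')  # characters not allowed in Name/Description

def bad_chars(text):
    """Return the forbidden characters present in text, in order of first use."""
    seen = []
    for ch in text:
        if ch in FORBIDDEN and ch not in seen:
            seen.append(ch)
    return seen

def plan_changes(current, desired):
    """Compare two {role_id: role} maps and return (operations, rejected)."""
    ops, rejected = [], []
    for rid, want in desired.items():
        problems = {f: bad_chars(want[f]) for f in ("name", "description")
                    if bad_chars(want[f])}
        if problems:
            rejected.append((rid, problems))  # never submit an invalid name
            continue
        have = current.get(rid)
        if have is None:
            ops.append(("create", rid))
        elif have["level"] != want["level"]:
            # The level cannot be modified: delete the role and create it again.
            ops += [("delete", rid), ("create", rid)]
        elif have != want:
            ops.append(("modify", rid))
    return ops, rejected

# Constructed sample data.
CURRENT = {
    "r1": {"name": "Help Desk", "description": "Reset passwords", "level": "A"},
    "r2": {"name": "Server Admin", "description": "Assign users", "level": "A"},
}
DESIRED = {
    "r1": {"name": "Help Desk", "description": "Reset user passwords", "level": "A"},
    "r2": {"name": "Server Admin", "description": "Assign users", "level": "B"},
    "r3": {"name": "Audit & Review", "description": "Read-only; logs", "level": "A"},
    "r4": {"name": "Badge Office", "description": "Issue badges", "level": "A"},
}

if __name__ == "__main__":
    operations, rejected = plan_changes(CURRENT, DESIRED)
    for op in operations:
        print(*op)
    for rid, problems in rejected:
        print("rejected", rid, problems)
```

Reviewing the plan before it is applied makes every delete-and-recreate step visible to the approver, rather than discovering it when an in-place level change is refused.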

Users can access the role administration activities from the Dashboard if the identity applications administrator created links on the Applications page. To change information associated with a role, you can either select it from the default list of roles or filter the list.

The Configure Roles and Resources Settings action on the Roles and Resources tab of the User Application allows you to specify administrative settings for the Role Subsystem. These settings control the behavior of the role management components of the identity applications. For example, you can define a removal grace period for the time between removal of a role assignment and the initiation of related entitlement removal processes. You can also set the display strings for business levels. For more information, see the section on configuring the role subsystem in the Identity Manager User Application: User Guide.

To create and manage roles, you must have one of the following identity applications roles:

  • Role Administrator

  • Role Manager

The following sections contain information about operations that you can perform as a role administrator: