7.1 Understanding the Administrators of the Identity Applications

The installation process initializes the Domain Administrators and Domain Managers system roles for the identity applications. However, during installation, you can specify only the User Application Administrator and allow all other assignments to default to this user. After installation, you can assign accounts to the roles.

You must assign an account to the roles that have an Administrator title.

Provisioning Administrator

Required

A Domain Administrator who can perform all possible actions for all objects within the Provisioning domain.

Provisioning Manager

A Domain Manager who can perform only allowed actions for a subset of objects within the Provisioning domain.

Resource Administrator

Required

A Domain Administrator who can perform all possible actions for all objects within the Resource domain.

Resource Manager

A Domain Manager who can perform only allowed actions for a subset of objects within the Resource domain.

Role Administrator

Required

A Domain Administrator who can perform all possible actions for all objects (except for the System Roles) within the Role domain.

Role Manager

A Domain Manager who can perform only allowed actions for a subset of objects within the Role domain.

Security Administrator

Required

A Domain Administrator who can perform all possible actions for all objects within the Security domain. The Security domain allows the Security Administrator to configure access permissions for all objects in all domains within the Roles Based Provisioning Module.

The Security Administrator can configure s, and also assign domain administrators, delegated administrators, and other Security Administrators.

NOTE: For testing purposes, NetIQ does not lock down the security model in Standard Edition. Therefore, the Security Administrator is able to assign all domain administrators, delegated administrators, and also other Security Administrators. However, the use of these advanced features is not supported in production. In production environments, all administrator assignments are restricted by licensing. NetIQ collects monitoring data in the audit database to ensure that production environments comply. Furthermore, NetIQ recommends that only one user be given the permissions of the Security Administrator.

The User Application Administrator is not a system role. For more information, see User Application Administrator.