The identity applications use the Role and Resource Service Driver to manage back-end processing of resources:
- Starts an SoD workflow and waits for approvals in situations where a role request requires an SoD workflow.
- Starts a role assignment workflow and waits for approvals in situations where a role request requires a workflow.
- Adds users to and removes users from roles. To do this, the Role and Resource Service Driver:
  - Waits for a start date before making assignments
  - Terminates a role assignment when the end date is reached
- Adds and removes higher-level and lower-level role relationships.
- Adds and removes role assignments for groups.
- Adds and removes role assignments for containers.
- Maintains all role membership information for indirect role assignments, including:
  - Role assignments acquired through role relationships
  - Role assignments that result from membership in groups
  - Role assignments that result from membership in containers
- Grants and revokes entitlements to and from users according to their role memberships.
- Maintains additional reporting information that is associated with each role assignment.
- Maintains additional reporting information on objects in eDirectory, such as:
  - Approval information
  - Where indirect assignments come from
  - Where entitlements come from
- Logs events to an auditing service.
- Cleans up processed requests after a user-specified amount of time.
- Recalculates role assignments based on dynamic and nested groups on a polled basis.
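For an access review, the indirect assignments and their recorded origin are what explain why a user holds a role. The following is an added example, not the driver's own code: a simplified Python model of direct, group, container and role-relationship assignments with start and end dates. All names and data are constructed, and it assumes that holding a higher-level role also confers its lower-level roles and that an assignment is inactive from its end date onward.

```python
from datetime import date

# Constructed sample data; every name below is hypothetical.
CHILD_ROLES = {"Nurse-Manager": ["Nurse"], "Nurse": ["Badge-Access"]}  # higher -> lower
GROUP_MEMBERS = {"cn=ward7,ou=groups": {"alice"}}
CONTAINER_OF = {"alice": "ou=clinical,o=org", "bob": "ou=admin,o=org"}
# (kind, subject, role, start, end); end=None means no end date
ASSIGNMENTS = [
    ("user", "bob", "Nurse-Manager", date(2024, 1, 1), date(2024, 6, 30)),
    ("group", "cn=ward7,ou=groups", "Nurse", date(2024, 1, 1), None),
    ("container", "ou=clinical,o=org", "Badge-Access", date(2024, 3, 1), None),
]

def applies_to(kind, subject, user):
    """True if an assignment made to `subject` reaches `user`."""
    if kind == "user":
        return subject == user
    if kind == "group":
        return user in GROUP_MEMBERS.get(subject, set())
    return CONTAINER_OF.get(user) == subject  # container assignment

def effective_roles(user, today):
    """Return {role: sorted sources} for assignments active on `today`."""
    result = {}
    for kind, subject, role, start, end in ASSIGNMENTS:
        if not applies_to(kind, subject, user):
            continue
        # Assumption: active from the start date, inactive once the end date is reached.
        if today < start or (end is not None and today >= end):
            continue
        source = f"{kind}:{subject}"
        stack, seen = [(role, source)], set()
        while stack:  # walk role relationships; `seen` guards against cycles
            current, origin = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            result.setdefault(current, set()).add(origin)
            for child in CHILD_ROLES.get(current, []):
                stack.append((child, f"{source} via role:{current}"))
    return {role: sorted(origins) for role, origins in result.items()}

if __name__ == "__main__":
    for who in ("alice", "bob"):
        print(who, effective_roles(who, date(2024, 4, 1)))
```

A role that lists more than one source stays assigned until every source is removed, which is the case to check when a revocation does not appear to take effect.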