C.5 Role Definition Object (nrfRole)

The schema object that contains provisioning role definitions.

Table C-4 Role Definition Object Schema Definition

Attribute

Description

nrfActive

Whether role is active.

nrfApprovers

Role approvers. Order of approvers is maintained by an integer in the second element.

nrfChildRoles

Child roles of the current role.

nrfEntitlementRef

Identity Manager entitlement associated with the role. Supports embedding of dynamic parameter macros to allow users to specify values at request time.

nrfImplicitContainers

Containers assigned to the role.

nrfImplicitGroups

Groups assigned to the role.

nrfLocalizedDescrs

The localized description of the role.

nrfLocalizedNames

The localized name of the role.

nrfParentRoles

Parent role of the current role.

nrfQuorum

Used to support quorum approvals in template PRDs. This is the quorum condition. Can be percentage or number of approvers required.

nrfRequestDef

Provisioning request definition used for approving a role assignment.

nrfRevokeRequestDef

Provisioning request definition used for approving the revocation of a role assignment.

nrfRoleCategoryKey

Used to categorize role.

nrfRoleLevel

Role level that defines the role hierarchy.

nrfStatus

Status of role. Valid codes are described in Role Status Codes (nrfStatus).

C.5.1 Role Status Codes (nrfStatus)

Table C-5 Valid Role (nrfStatus) Status Codes

Status Code

Key

Description

50

CREATED

Role created.

15

DELETE PENDING

Role delete pending.