A role defines a set of permissions related to one or more target systems or applications. For example, a user administrator role might be authorized to reset a user's password, while a system administrator role might have the ability to assign a user to a specific server.
You must define roles in Catalog Administrator. This tool allows you to create roles, establish roles hierarchy, define role relationships, and perform administrative actions on the roles. When creating a role, you must not include the following characters in the Name and Description fields for the role: < > , ; \ " + # = / | & *
Except Role Level and Subcontainers, you can modify all other parameters of a role. Once you have defined a role, you cannot change the level of the role. To change the level of the role, you must delete the role and create it again. With Catalog Administrator, you can select multiple roles for modify and delete operations.
You can access the Role Administrator page from the Identity Manager Home and Provisioning Dashboard page. The Role Administrator page displays a list of currently defined roles in your organization. It also allows you to define new roles and manage existing ones. When you select a role from the list of roles, the page displays information about that role.
To change information associated with a role, you can either select it from the list of roles or search for it using Filter. The Roles page displays the details associated with the role.
The following sections contain information about operations that you can perform in the Role Administration page.