2.3 Role Administration

In Identity Manager, a role defines a set of permissions related to one or more connected systems. To maintain the permissions model, the Identity Manager drivers collect account IDs and permission assignments from the connected systems. Identity Manager calls these permissions entitlements. Identity Manager uses entitlements to provide users with access to resources in connected systems. The Identity Manager roles system includes several built-in roles that provide different levels of access rights to the role-based provisioning system. For example, someone assigned to administer the Roles Module has unlimited scope within the Roles system, but someone assigned to just manage roles is limited to specifically designated users, groups, and roles.

Business analysts can use NetIQ Identity Manager Catalog Administrator (Catalog Administrator) to manage authorizations without needing to understand the overall IT infrastructure. These components let you discover roles, composite roles, and profiles (collectively referred to as authorizations), then map them to Identity Manager roles across different systems from one location. Authorizations can be business roles, composite roles, and profiles. For example, when you assign an Identity Manager role to a user in the Roles Based Provisioning Module, the user receives all authorizations mapped to that role.

Catalog Administrator pulls role information from the User Application driver and requires access to the Identity Vault and the NetIQ Identity Manager Home and Provisioning Dashboard (Identity Manager Home). For more information, see the NetIQ Identity Manager Catalog Administrator User Guide.