After you create a team, you can add and remove permissions that apply to team recipients.
While in the Create Team page or when modifying an existing team, select Add Permission.
Select Add Resources or Add Roles, as needed.
Specify the resources or roles that you want to add:
Applies only to resources
Makes all resources available for assignment to team recipients
Makes only the selected resources or roles available for assignment to team recipients
Makes only the resources or roles in the specified sub-containers available for assignment to team recipients
Select one or more permissions that the team requesters can request on behalf of team members:
Allows the requester to view the resource or role
Allows the requester to request access to the resource or role for team members
Allows the requester to request that access for the resource or role be removed
Applies only to roles
Allows the requester to assign the role to the recipient’s group and container in the Identity Vault
Applies only to roles
Allows the requester to request that a role be revoked from the recipient’s group and container in the Identity Vault
Select Add.
You might want to allow team managers to initiate PRDs on behalf of their team members. However, the team manager must have trustee rights to the PRD.
While in the Create Team page or when modifying an existing team, select Add Permission.
Select Add Provisioning Request Definitions.
Specify PRDs that you want to add:
Makes all PRDs available for assignment to team recipients
Makes only the specified resources available for assignment to team recipients
Makes only the resources in the specified containers available for assignment to team recipients
Select one or more permissions that you want to grant to team managers:
Requesters can start a PRD (workflow) on behalf of a team member
Requesters can stop a PRD on behalf of a team member
Requesters can make a team member a delegate for other team members’ provisioning requests
Requesters can claim a task for a team member who is a recipient or addressee (based on the task scope)
Reqeusters can reassign a task for a team member who is a recipient or addressee (based on the task scope)
NOTE:If Manage Addressee Task and Configure Availability are disabled, the team manager cannot view or act on any active requests. Therefore, you must enable at least one of these options.
Select Add.
You can enable the team’s requesters to create proxy assignments for the team’s recipients. For example, your organization might want to create teams based on functional departments and allow the department managers to make proxy assignments for their direct reports. For more information about proxy assignments, see Act as or Assign a Proxy.
While in the Create Team page or when modifying an existing team, select Add Permission.
Select Add User Application Driver Permissions.
Select Configure Proxy.
Select Add.