The Role Mapping Administrator requires access to the Identity Vault. This enables the Role Mapping Administrator to perform the required Identity Vault operations, including:
Authenticating users who log in to the Role Mapping Administrator and establishing their authorization level. The users should have both Resource Administrator and Role Administrator roles.
Retrieving roles information to display if the authenticated user is a Role Module Administrator. If the authenticated user is a Role Manager, the Role Mapping Administrator uses the user’s credentials to display roles.
Creating resources with the selected authorization/entitlement and mapping them with the Identity Vault role.
Accessing information stored on the Identity Manager driver object to build the queries required to retrieve authorizations from managed systems.
Sending the queries to the Identity Manager drivers.
Creating, editing, and deleting roles.
For more information, see Section 2.4, Granting Rights to the Role Mapping Administrator.
IMPORTANT:Because no warnings are displayed in the user interface, you must not perform any modifications on the mappings unless you are sure about what you are doing.