The installation process initializes the Domain Administrators and Domain Managers system roles for the identity applications. However, during installation, you can specify only the identity applications administrator and allow all other assignments to default to this user. After installation, you can assign accounts to the roles.
You must assign an account to the roles that have an Administrator title.
Required: A Domain Administrator who can perform all possible actions for all objects within the Provisioning domain.
A Domain Manager who can perform only allowed actions for a subset of objects within the Provisioning domain.
Required: A Domain Administrator who can perform all possible actions for all objects within the Resource domain.
A Domain Manager who can perform only allowed actions for a subset of objects within the Resource domain.
Required: A Domain Administrator who can perform all possible actions for all objects (except for the System Roles) within the Role domain.
A Domain Manager who can perform only allowed actions for a subset of objects within the Role domain.
Required: A Domain Administrator who can perform all possible actions for all objects within the Security domain. The Security domain allows the Security Administrator to configure access permissions for all objects in all domains within the Roles Based Provisioning Module.
The Security Administrator can configure s, and also assign domain administrators, delegated administrators, and other Security Administrators.
NOTE: For testing purposes, NetIQ does not lock down the security model in Standard Edition. Therefore, the Security Administrator is able to assign all domain administrators, delegated administrators, and also other Security Administrators. However, the use of these advanced features is not supported in production. In production environments, all administrator assignments are restricted by licensing. NetIQ collects monitoring data in the audit database to ensure that production environments comply. Furthermore, NetIQ recommends that only one user be given the permissions of the Security Administrator.
The identity applications administrator is not a system role. For more information, see Identity Applications Administrator.