Role administration
Organizational roles are a method of providing users with entitlements to managed resources. Organization roles determine which resources are provisioned for a user or set of users who share similar responsibilities. A role is a job function that identifies the tasks that a person can do and the resources to which the person has access. If users are assigned to an organizational role, managed resources available to that role then become available to the users in that role. The resources must be properly tied to that role.
We can assign a user to one or more roles. Additionally, roles can themselves be members of other roles, in what is termed child roles that contribute to role hierarchy. A role might be a child role of another organizational role, which then becomes a parent role. That child role inherits the permissions of the parent role. A role might be a child role of another organizational role in a provisioning policy. That child role also inherits the permissions of provisioning policy.
Activities are often assigned to roles rather than to individuals. This role-based model lowers the risk that individuals might gain more system access than required by their job function. We can also define policies to prevent users from having multiple roles that result in a conflict of interest.
- Role overview
- Role hierarchy change enforcement
- Create roles
- Modifying roles
- Values and formats for CSV access data (role)
- Export access data for a role
- Import access data for a role
- Define access by default for a role
- Classifying roles
- Specifying owners of a role
- Displaying a role-based access in the user interface
- Role assignment attributes
- Deleting roles
- Manage users as members of a role
- Add users to membership of a role
- Removing users from membership of a role
- Manage child roles
- Add child roles to a parent role
- Removing child roles from a parent role
- Create an access type based on a role
- Transferring roles
- Enabling access for multiple roles
- Disabling access for multiple roles