Specifying owners of a role

We can specify one or more owners of a role. The owners can be users or roles. We can specify owners of a role during role creation, or after a role is already created.

The result of designating people or roles as a role owner include:

• In workflows, role owners can act as participants. In particular, in the approval workflow for assigning roles to users, role owners can act as participants.

• In access control item (ACI) evaluations for management of roles, the role owner can act as a principal. This capability allows more than one person to share this delegated administrative responsibility. A special case of this scenario is when the role is an owner of itself. In that case, the members of the role can also be the administrators. We can set up a structure so that any member of the role can add other members.

• In exporting roles, the relationships to the role owners are also exported. Relationships to users that are role owners are exported, but the users themselves are not exported. On import, the ownership relationships are created only if the users exist in the import.

In any of these scenarios, being a child or member of a child role of a role owner is equivalent to being a child or member of the role itself.

To specify roles and users that have ownership of the role...

1. From the navigation tree, click Manage Roles. The Manage Roles page is displayed.

2. On the Manage Roles page:

   1. Enter information about the role in the Search information field.

   2. In the Search by field, specify whether to search against role names or descriptions, or against business units, and then click Search. A list of roles that match the search criteria is displayed.

   3. In the Roles table, click the icon () next to the role, and then click Change. The Role Type page is displayed.

3. Click Access Information.

4. On the Access Information page, complete these steps:

   1. Click the twisty icon next to Owners. The Role Owners and User Owners tables are displayed.

   2. Click Add to add owners to a list of role owners or user owners. We can select role owners, user owners, or a combination of both.The Select Roles or Select Users page is displayed.

   3. On the Select Roles or Select Users page, search for and select the owners to have ownership of the role, and then click OK.

Results

The Access Information page is displayed, and the list of owners is updated in the Role Owners and User Owners tables.

We can continue adding or removing owners of the role, or click OK.

Parent topic: Role administration