Roles and access control

An organizational role supports different access control and access provisioning models in a customer deployment.

An organizational role can map to IBM Security Identity Manager access entitlements in a provisioning policy. Specific Security Identity Manager groups can be authorized or automatically provisioned for users that are members of the role.

If a role is a member of another organizational role in a provisioning policy, then that role member also inherits the permissions of the provisioning policy.

Security Identity Manager groups can be used to define views and access control for different types of entities that are managed in Security Identity Manager.

Parent topic: Resource provisioning