Scope of the Service Owner group

The scope of activities for members of the Service Owner group is to manage a service, including the user accounts and requests for that service.

Additionally, service owners can view requests on services that they own that other users make. A request might be to authorize an account, unless the person form is customized to exclude some of the attributes for which the service owner has permission to read or write. A service owner can manage and delegate activities on their to-do lists. See Table 1.

Default tasks in view Default access control items
  • Self-service or Identity Service Center console

    • Change your passwords and specify information for your forgotten password questions.
    • View your personal profile.
    • View, request, or delete your accounts. We cannot change, suspend, or restore our own account.
    • View, request, or delete your access. We cannot change, suspend, or restore your access.
    • View your activities.
    • Manage delegation schedules.
  • Administrative console

    For the owned service.

    • Create, change, and delete a service.
    • Manage groups on a service, including membership, access, and recertification status. A service owner cannot add a group.
    • Manage accounts on a service, including requesting, changing, deleting, suspending, restoring, assigning, and making orphan accounts. Additionally, manage account defaults, recertification status, and reconciliation.
    • Manage all policies on a service.
    • Design workflows for account and access requests.
    • Request reports for users, accounts, services, and custom reports.
    • View all requests and pending requests by service.
    • View activities for the Service Owner.
    • Manage delegation schedules.
  • Self-care or Identity Service Center
    • Search and change a password.
    • Search, add, and change your account password.
    • View basic data about a service, such as service name and description.
  • Administrative

    For the owned service.

    • Add a service owner group.
    • Run reports for access, individual access, orphan accounts, dormant accounts, pending recertification, recertification history, and recertification policies.
    • Add and modify accounts and account defaults.
    • Search accounts, account defaults, admin domains, business partner organizations, and organization units. We can also search groups, users, locations, persons, and service owners.
    • Use all permissions and operations on all policies.
    • Use all permissions and operations on workflows.

Parent topic: Scope of groups