An admin role defines the tasks available to a user who has that role. A provisioning role defines the accounts that are assigned to members of that role. Both types of roles also contain rules that define who can have the role, who can administer or modify the role, and so on. When you assign a role to a user, the actions you are enabling the user to take, or the access to accounts you are granting, depend on how the role is defined.
The following table shows the characteristics that comprise a role. When you are preparing to assign a role to a user, understand the tasks, rules, and policies that are associated with that role.
|
Characteristics |
Definition |
|---|---|
|
Role Profile |
Defines basic information about the role, such as the name and description. |
|
Tasks |
Defines the tasks that are associated with the role. |
|
Account Templates |
Define the details of accounts created in managed endpoints by a provisioning role. |
|
Member Rules, |
|
|
Admin Rules, |
|
|
Owner Rules |
Defines conditions under which a user can be a role owner. Role owners can modify a role. For example, they can add or delete tasks that are associated with that role. |
|
Scope Rules |
Limits the objects that members of a role can manage. Objects are users, groups, organizations, tasks and roles. For example, a role can allow role members to change salary information for other users. A scope rule can then limit those users to only ones within a specific department. |
|
Add Actions, |
Defines changes that are made to a user profile when a user is added or removed as a role member or administrator. |
|
Copyright © 2013 CA.
All rights reserved.
|
|