Delegated Administration

As an Identity Manager user, you can personally manage users and their access to applications or you can delegate this work. Delegated administration is the use of roles to share the work of managing users and granting application access.

For delegated administration, each role contains rules that describe which users perform each of the functions in the following table:

Function            Definition
Role Owner          Modifies the role
Role Administrator  Assigns the role to users and to other role administrators
Role Member         Uses the role to perform admin or access tasks

By dividing these functions between users, you can have lower-level administrators manage users while reserving assignment and modification of the role for higher-level administrators. A user who matches only the administrator rule can hand out the role but cannot change what it grants; only a user who matches the owner rule can do that.

Note: An administrator is an Identity Manager user who can assign roles or use admin roles. A user is any Identity Manager user; that user may have admin roles, access roles, or both.

For a provisioning role, you can create administrator and owner rules, so that you can delegate administration. However, you cannot create member rules for provisioning roles in Identity Manager. Instead, you use Modify Provisioning Role Members/Administrators to add or remove role members.
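The following is an added illustrative model of the owner, administrator and member functions described above, and of the provisioning-role restriction on member rules. It is not Identity Manager code and does not reflect its API; the class names, function names and the constructed users and rules are assumptions made for the illustration. It shows that a user matching only the administrator rule can assign a role but not modify it, that membership in an ordinary role can come from a member rule, and that a provisioning role refuses a member rule and takes members only through explicit assignment by an administrator.

```python
# Illustrative model of delegated administration: a role carries an owner rule,
# an administrator rule and (except for provisioning roles) a member rule.
# Added example, not Identity Manager code; every name here is an assumption
# made for the illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# A rule is a predicate over a user's attributes, e.g. "team == helpdesk".
Rule = Callable[["User"], bool]

@dataclass(frozen=True)
class User:
    name: str
    attrs: Dict[str, str] = field(default_factory=dict)

def attr_is(key: str, value: str) -> Rule:
    return lambda u: u.attrs.get(key) == value

@dataclass
class Role:
    name: str
    owner_rule: Rule
    admin_rule: Rule
    provisioning: bool = False
    member_rule: Optional[Rule] = None
    # Explicit assignments made by a role administrator; the only way to give
    # a provisioning role members in this model.
    assigned_members: Set[str] = field(default_factory=set)
    assigned_admins: Set[str] = field(default_factory=set)

    def is_owner(self, u: User) -> bool:
        return self.owner_rule(u)

    def is_admin(self, u: User) -> bool:
        return self.admin_rule(u) or u.name in self.assigned_admins

    def is_member(self, u: User) -> bool:
        by_rule = self.member_rule is not None and self.member_rule(u)
        return by_rule or u.name in self.assigned_members

# Each action is tied to exactly one role function, so a user who matches only
# the administrator rule can assign the role but never change its definition.
def authorize(role: Role, actor: User, action: str) -> bool:
    checks = {"modify_role": role.is_owner,
              "assign_role": role.is_admin,
              "use_role": role.is_member}
    return checks[action](actor)

def set_member_rule(role: Role, actor: User, rule: Rule) -> None:
    """Owner operation. Refused for provisioning roles, which have no member rules."""
    if not authorize(role, actor, "modify_role"):
        raise PermissionError(f"{actor.name} is not an owner of {role.name}")
    if role.provisioning:
        raise ValueError(f"{role.name} is a provisioning role: no member rules")
    role.member_rule = rule

def assign(role: Role, actor: User, target: User, as_admin: bool = False) -> None:
    """Administrator operation: add target as a member or as another administrator."""
    if not authorize(role, actor, "assign_role"):
        raise PermissionError(f"{actor.name} is not an administrator of {role.name}")
    (role.assigned_admins if as_admin else role.assigned_members).add(target.name)

def demo() -> Dict[str, bool]:
    """Exercise the split between owner, administrator and member (constructed users)."""
    security_lead = User("alice", {"team": "security"})
    helpdesk = User("bob", {"team": "helpdesk"})
    newhire = User("carol", {"team": "sales"})

    # Access role: security owns the definition, the help desk administers it,
    # and sales staff become members through a rule.
    vpn = Role("VPN Access", owner_rule=attr_is("team", "security"),
               admin_rule=attr_is("team", "helpdesk"))
    set_member_rule(vpn, security_lead, attr_is("team", "sales"))

    # Provisioning role: owner and administrator rules only; members are added
    # explicitly by an administrator.
    mailbox = Role("Mailbox Provisioning", owner_rule=attr_is("team", "security"),
                   admin_rule=attr_is("team", "helpdesk"), provisioning=True)
    try:
        set_member_rule(mailbox, security_lead, attr_is("team", "sales"))
        member_rule_refused = False
    except ValueError:
        member_rule_refused = True
    assign(mailbox, helpdesk, newhire)

    return {
        "helpdesk_can_assign": authorize(vpn, helpdesk, "assign_role"),
        "helpdesk_cannot_modify": not authorize(vpn, helpdesk, "modify_role"),
        "owner_cannot_assign": not authorize(vpn, security_lead, "assign_role"),
        "rule_member_uses_role": authorize(vpn, newhire, "use_role"),
        "provisioning_member_rule_refused": member_rule_refused,
        "provisioning_explicit_member": authorize(mailbox, newhire, "use_role"),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Every check in `demo()` comes back true: the help desk can assign but not modify, the owner cannot assign because the owner rule alone does not make a user an administrator, the sales hire is a member of the access role through its rule, and the provisioning role rejects a member rule but accepts an explicitly assigned member. The point the model makes is that each action is checked against exactly one of the three rules, so delegating assignment to lower-level administrators does not also delegate the ability to change what the role grants.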