Implementation Guide › Optimizing Identity Manager › Role Optimizations

Role Optimizations

Identity Manager includes three types of roles:

• Admin roles

  Determine the privileges a user has in the User Console.

  When a user logs into an Identity Manager environment, the user's account has one or more admin roles. Each admin role contains tasks, such as Create User, that a user can complete in that Identity Manager environment. The admin roles that a user has determine the presentation of the User Console, therefore users see only the tasks that are associated with their roles.

• Provisioning roles

  Give users accounts in managed endpoints, such as an email system.

• Access roles

  Offer an additional way to provide entitlements in Identity Manager.

Roles include policies that determine the following:

• Who can use the role (for admin and access roles only) and where they can use it
• Who can manage role members and administrators
• Who can modify the role definition

Evaluating roles and their associated privileges can have a significant impact on Identity Manager performance.