Delegated Administration

Administration Guide › Role Planning › Creating Additional Administrators › Delegated Administration

Delegated Administration

Delegated administration is the use of roles to share the work of managing users and granting application access.

For each role in the system, a user can serve one or more of the following functions:

Function	Definition
Role Owner	Modifies the role.
Role Administrator	Assigns the role to users and other role administrators.
Role Member	Uses the role to perform admin or access tasks or use an endpoint account.

By dividing these functions between users, you can share the work of managing a role. For example, you can have lower-level administrators manage role membership and higher-level administrators modify the role.

You can implement delegated administration in the following ways:

Directly designate a user as an administrator for a given role.
Configure admin rules for a role. Admin rules define which users can be administrators of a role. The system automatically creates additional administrators when users meet the criteria specified in the rules.
Note: Only an administrator with privileges to modify a role can configure admin rules for that role. Typically, system administrators perform this activity. To configure admin rules that automatically delegate administration for a role, see the section entitled Admin Roles in the Reference Information section of the Online Help.