erRole
The erRole class
stores the name and description
for an organizational role. However, it does not store membership
information. The user membership is stored in erPersonItem.erRoles,
and the role membership is stored in the ROLE_INHERITANCE database
table. This class is a domain entry. The parent class is top.
| Attribute name | Description | Type |
|---|---|---|
erRoleName |
Name of the organizational role. This attribute is required. | directory string |
description |
Description of the role. | directory string |
erSubRoles1 |
Contains no value, attribute is used for ACI permission on managing child roles. | directory string |
erRoleClassification1 |
The classification of role, application role, system role, and others. | directory string |
owner1 |
The owner of the role, can be person dn or role dn. | distinguished name |
erRoleAssignmentKey3 |
The assignment attributes of a role (multi-valued attribute). | directory string |
erURI3 |
The universal resource identifier. | directory string |
1 Indicates the attribute is added in release 5.1.
3 Indicates the attribute is added in IBM Verify Identity Governance 6.0.