Predefined groups, views, and access control items
IBM Verify Identity Governance provides predefined groups. The groups are associated with views and access control items.
The following user interfaces, or consoles, are available:
- Self-service console for all users, for self-care activities such as changing personal profile information, such as a telephone number.
- IVIG Service Center for all users, for self-care activities such as changing personal profile information, requesting access.
- Administrative console, for selected users who belong to one or more groups that enable a range of administrative tasks.
A IBM Verify Identity Governance user with no other group membership has a basic privilege to use IBM Verify Identity Governance.
This set of users needs only a self-service console or the IVIG Service Center for self-care capabilities. The users are not in a labeled "group" such as a Help Desk Assistant group.
The predefined groups are associated with predefined views and access control items, to control what members can see and do, as illustrated in Figure 1
The predefined groups are:
- Administrator
- The administrator group has no limits set by default views or access control items and can access all views and do all operations in IBM Verify Identity Governance. The first system administrator user is named "itim manager".
- Auditor
- Members of the auditor group can request reports for audit purposes.
- Help Desk Assistant
- Members of the Help Desk Assistant group can request, change, suspend, restore, and delete accounts. Members can request, change, and delete access, and also can reset passwords, profiles, and accounts of others. Additionally, members can delegate activities for a user.
- Manager
- Members of the Manager group are users who manage the accounts, profiles, and passwords of their direct subordinates.
- Service Owner
- Members of the Service Owner group manage a service, including the user accounts and requests for that service.