Role administration

Organizational roles are a method of providing users with entitlements to managed resources. Organization roles determine which resources are provisioned for a user or set of users who share similar responsibilities. A role is a job function that identifies the tasks that a person can do and the resources to which the person has access.

If users are assigned to an organizational role, managed resources that are available to that role then become available to the users in that role. The resources must be properly tied to that role.

You can assign a user to one or more roles. Additionally, roles can themselves be members of other roles, in what is termed child roles that contribute to role hierarchy.

A role might be a child role of another organizational role, which then becomes a parent role. That child role inherits the permissions of the parent role. A role might be a child role of another organizational role in a provisioning policy. That child role also inherits the permissions of provisioning policy.

Activities are often assigned to roles rather than to individuals. This role-based model lowers the risk that individuals might gain more system access than required by their job function. You can also define policies to prevent users from having multiple roles that result in a conflict of interest.