18.1 Admin Roles

An admin role defines the actions, also known as functional capabilities, that can be performed and the scope of control, that is, the set of organizations managed by the admin role.

Multiple admin roles can be assigned to a single administrator. This enables an administrator to have one set of capabilities in one scope of control, and a different set of capabilities in another scope of control. For example, one admin role might grant the administrator the right to create and edit users for the controlled organizations specified in that admin role. A second admin role assigned to the same administrator might grant only the right to change user passwords, in a separate set of controlled organizations defined in that admin role.

Admin roles enable the reuse of capabilities and scope-of-control pairings. Admin roles also simplify the management of administrator privileges across a large number of users. Instead of directly assigning capabilities and controlled organizations to individual users, admin roles should be used to grant administrator privileges.
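The pairing of capabilities with a scope of control inside each admin role can be modeled as follows. This is an added example, not Oracle Identity Manager code or its API: the class, function, capability and organization names are hypothetical and the sample roles are constructed. It contrasts a per-role check with a flawed check that merges capabilities and scopes across all of an administrator's roles.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AdminRole:
    name: str
    capabilities: frozenset   # functional capabilities granted by this role
    organizations: frozenset  # scope of control: organizations this role manages


def is_allowed(roles, capability, organization):
    """Per-role check: the capability and the organization must both
    come from the same admin role."""
    return any(capability in r.capabilities and organization in r.organizations
               for r in roles)


def is_allowed_flattened(roles, capability, organization):
    """Flawed check, shown for contrast: merges capabilities and scopes
    across roles, so a right leaks into organizations it was never paired with."""
    caps = frozenset().union(*(r.capabilities for r in roles))
    orgs = frozenset().union(*(r.organizations for r in roles))
    return capability in caps and organization in orgs


def effective_grants(roles):
    """Every (capability, organization) pair the administrator really holds."""
    return {(c, o) for r in roles for c in r.capabilities for o in r.organizations}


def excess_grants(roles):
    """Pairs that only the flattened check would allow (audit finding)."""
    caps = frozenset().union(*(r.capabilities for r in roles))
    orgs = frozenset().union(*(r.organizations for r in roles))
    return {(c, o) for c in caps for o in orgs} - effective_grants(roles)


# Constructed sample: one administrator holding two admin roles.
ROLES = [
    AdminRole("user-admin", frozenset({"create_user", "edit_user"}),
              frozenset({"Sales", "Engineering"})),
    AdminRole("password-admin", frozenset({"change_password"}),
              frozenset({"Support"})),
]

if __name__ == "__main__":
    for cap, org in sorted(excess_grants(ROLES)):
        print(f"flattening would wrongly grant {cap} in {org}")
```

Running `excess_grants` over an exported role assignment is a quick audit for tooling or reports that collapse an administrator's roles into a single capability list and a single organization list.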

There are two predefined admin roles in Oracle Identity Manager: