Sun Identity Manager Deployment Guide

EndUser Capability

You can use the AdminGroup EndUser capability to assign permissions to non-administrative users, who typically do not have assigned capabilities and do not control any organizations. The default definition of this capability is given in the example in the Permission Extensions section.

Identity Manager implicitly assigns all users the EndUser capability. This capability permits users to view several types of objects, including tasks, rules, roles, and resources. Although you can assign capabilities to end users, you may prefer not to. Identity Manager treats any user with explicitly assigned capabilities as an administrator, and the system caches information about administrators, which results in an effective upper limit on the number of administrators an installation can have.

You can use the EndUserLibrary authorization type. The EndUser capability (or AdminGroup) has List and View access to Libraries with the EndUserLibrary authType.

To give users access to the contents of a Library, set authType='EndUserLibrary' and ensure that the Library's MemberObjectGroup is set to All.
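An added example, not part of the original guide: a Python check that reads exported repository XML and reports which Libraries meet both conditions above and are therefore listable and viewable by every user through the implicit EndUser capability. The sample export and library names are constructed, and the element layout (Configuration, Extension/Library, MemberObjectGroups/ObjectRef) is an assumption about the export format.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; the library names are hypothetical.
SAMPLE_EXPORT = """\
<Waveset>
  <Configuration name='Self Service Rules' authType='EndUserLibrary'>
    <Extension><Library/></Extension>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' name='All'/>
    </MemberObjectGroups>
  </Configuration>
  <Configuration name='Helpdesk Rules' authType='EndUserLibrary'>
    <Extension><Library/></Extension>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' name='Top'/>
    </MemberObjectGroups>
  </Configuration>
  <Configuration name='Provisioning Rules'>
    <Extension><Library/></Extension>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' name='All'/>
    </MemberObjectGroups>
  </Configuration>
</Waveset>
"""

def classify_libraries(xml_text):
    """Return {library name: state} for every Library object in the export."""
    states = {}
    for cfg in ET.fromstring(xml_text).iter("Configuration"):
        if cfg.find("./Extension/Library") is None:
            continue  # a Configuration object that is not a Library
        groups = {ref.get("name")
                  for ref in cfg.findall("./MemberObjectGroups/ObjectRef")}
        has_authtype = cfg.get("authType") == "EndUserLibrary"
        if has_authtype and "All" in groups:
            states[cfg.get("name")] = "end-user-readable"  # both conditions met
        elif has_authtype:
            states[cfg.get("name")] = "authtype-only"      # not a member of All
        else:
            states[cfg.get("name")] = "not-end-user"       # authType not set
    return states

if __name__ == "__main__":
    for name, state in classify_libraries(SAMPLE_EXPORT).items():
        print(f"{state:18} {name}")
```

Review anything reported as end-user-readable for rules or data that should not be visible to all users; authtype-only entries usually indicate a Library that was meant to be shared but is missing the All object group.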