Identity Manager implements the User Admin role and assigns it to all users by default. This role encapsulates the EndUser AdminGroup that provides two end-user authorization types (AuthTypes) and several list permissions for various object types.
These end-user authorization types include:
EndUserRule. Allows access to rule objects that have the EndUserRule AuthType specified in the object, as follows:
<Rule authType=’EndUserRule’ ...>
EndUserTask. Allows access to TaskDefinition objects that have the EndUserTask AuthType specified in the object, as follows:
<TaskDefinition authType=’EndUserTask’ ...>
EndUserLibrary. Allows access to the contents of a Library object.
To implement this AuthType, set the AuthType to EndUserLibrary and ensure the Library’s MemberObjectGroup is All. (The EndUser capability (AdminGroup) has List and View access to Libraries whose authorization type is EndUserLibrary.)