Only role approvers can authorize the assignment of end-users to the role.
You can directly assign role owners and approvers to a role or use a role-assignment rule to dynamically assign them to a role.
You can use a rule to set the value of any resource attribute in a role definition. When Identity Manager evaluates the rule, it can reference any attribute of the user view.
For more information about roles, see the Business Administrator's Guide.
The following example shows how to use a rule to set an attribute value for a particular resource. When you create a user and associate this rule with that user’s role, the rule automatically sets the description value.
<Rule name=’account description’> <concat> <string>Account for </string> <ref>global.firstname</ref> <string>.</string> <ref>global.lastname</ref> </concat> </Rule>