Sun Identity Manager Deployment Reference

Using Rules in Roles

In Identity Manager, a role is an object that allows you to efficiently group and assign resources to users. Roles have designated owners and approvers, where:

You can directly assign role owners and approvers to a role or use a role-assignment rule to dynamically assign them to a role.

You can use a rule to set the value of any resource attribute in a role definition. When Identity Manager evaluates the rule, it can reference any attribute of the user view.

Note –

For more information about roles, see the Business Administrator's Guide.

The following example shows how to use a rule to set an attribute value for a particular resource. When you create a user and associate this rule with that user’s role, the rule automatically sets the description value.

Example 4–5 Setting the Value for a User’s Resource Description

<Rule name='account description'>
      <string>Account for </string>
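
The following rule is an added illustration, not part of the original guide or of the product's shipped rules. It shows a role attribute rule that references user view attributes and falls back to the account ID when the name attributes are not set. The rule name and the view paths global.firstname, global.lastname and waveset.accountId are assumptions of this example.

```xml
<!-- Added example: builds a resource description from user view attributes. -->
<Rule name='Example Account Description With Fallback'>
  <cond>
    <!-- Use the full name only when both name attributes are present in the view -->
    <and>
      <notnull><ref>global.firstname</ref></notnull>
      <notnull><ref>global.lastname</ref></notnull>
    </and>
    <!-- Then: "Account for <firstname> <lastname>" -->
    <concat>
      <s>Account for </s>
      <ref>global.firstname</ref>
      <s> </s>
      <ref>global.lastname</ref>
    </concat>
    <!-- Else: avoid a dangling "Account for " by using the account ID instead -->
    <concat>
      <s>Account for </s>
      <ref>waveset.accountId</ref>
    </concat>
  </cond>
</Rule>
```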