In Identity Manager terminology, a user who is assigned extended capabilities is an Identity Manager administrator. Use the Security tab to assign a user administrator privileges.
For more information on using the Security tab to create administrators, see Creating and Managing Administrators.
The Security form consists of the following sections.
Admin roles. Assigns one or more administrative roles to the user. A role is a specific pairing of capabilities and controlled organizations that facilitates assigning administrative duties to users in a coordinated way.
Capabilities. Enables rights in the Identity Manager system. Each Identity Manager administrator is assigned one or more capabilities, frequently aligned with job responsibilities.
Capabilities are discussed on Understanding and Managing Capabilities. A list of task-based capabilities with definitions is included in Appendix D, Capabilities Definitions on Appendix D, Capabilities Definitions. This appendix also lists the tabs and subtabs that may be accessed with each capability.
Controlled organizations. Assigns organizations that this user has rights to manage as an administrator. He can manage objects in the assigned organization and in any organizations below that organization in the hierarchy.
To have administrator capabilities, a user must be assigned at least one Admin role, or one or more capabilities AND one or more controlled organizations. For more information about Identity Manager administrators, seeUnderstanding Identity Manager Administration.
User Form. Specifies the user form that the administrator will use when creating and editing users. If None is selected, the administrator will inherit the user form assigned to his organization.
View User Form. Specifies the user form that the administrator will use when viewing users. If None is selected, the administrator will inherit the view user form assigned to his organization.
Account policy. Establishes password and authentication limits.