Each user can be assigned capabilities, or groups of rights, to enable him to perform administrative actions through Identity Manager. Capabilities allow the administrative user to perform certain tasks in the system and act on Identity Manager objects.
Typically, you assign capabilities according to specific job responsibilities, such as password resets or account approvals. By assigning capabilities and rights to individual users, you create a hierarchical administrative structure that provides targeted access and privileges without compromising data protection.
Identity Manager provides a set of default capabilities for common administrative functions. Capabilities meeting your specific needs can also be created and assigned.
For more information on capabilities, see Understanding and Managing Capabilities.