Identity Manager admin roles enable you to define a unique set of capabilities for each set of organizations that are managed by an administrative user. An admin role is assigned capabilities and controlled organizations, which can then be assigned to an administrative user.
Capabilities and controlled organizations can be assigned directly to an admin role. They also can be assigned indirectly (dynamically) each time the administrative user logs in to Identity Manager. Identity Manager rules control dynamic assignment.
For more information on admin roles, see Understanding and Managing Admin Roles.