Sun Identity Manager 8.1 Business Administrator's Guide

Task-Based Capabilities Definitions

This section describes each of the task-based capabilities that can be assigned to users. It also lists the tabs and subtabs that can be accessed with each capability. Capabilities are listed in alphabetical order by name.


Note –

This table does not include information about default tabs and subtabs that are available to all users, such as the Change My Password tab.


Table D–1 Identity Manager Task-Based Capabilities Definitions

Columns, in the order each entry lists them below: Capability; Allows the Administrator/User to; Can Access These Tabs and Subtabs.

Access Review Detail Report Administrator 

Create, edit, delete, and execute Access Review Detail Reports, Access Review Coverage Reports, and Access Scan User Scope Coverage Reports 

Reports -> Run Reports tab and View Reports tab 

Access Review Summary Report Administrator 

Create, edit, delete, and execute Access Review Summary Reports 

Reports -> Run Reports tab and View Reports tab 

Account Administrator 

Perform all operations on users, including assigning capabilities. Does not include bulk operations. 

Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Admin Report Administrator 

Create, edit, delete, and run Administrator reports and Admin role reports.

Reports -> Run Reports tab and View Reports tab (Administrator and Admin Role reports only) 

Admin Role Administrator 

Create, edit, and delete admin roles. 

Security -> Admin Roles tab 

Application Administrator 

Create, edit, and delete Application roles. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles)

Roles -> List Roles tab and Find Roles tab 

Asset Administrator 

Create, edit, and delete Asset roles. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles)

Roles -> List Roles tab and Find Roles tab 

Assign Audit Policies Administrator 

Assign audit policies to user accounts and organizations. 

Edit the User Audit Policy from the User Actions list and edit the Organization Audit Policy from the Organization Actions list. 

Accounts -> List Accounts tab and Find Users tab.  

Assign Organization Audit Policies Administrator 

Assign audit policies to organizations only. 

Edit the Organization Audit Policy from the Organization Actions list. 

Accounts -> List Accounts tab  

Assign User Audit Policies Administrator 

Assign audit policies to users only. 

Edit the User Audit Policy from the User Actions list 

Accounts -> List Accounts tab and Find Users tab  

Assign User Capabilities 

Change user capabilities assignments (assign and unassign). 

Must be assigned with another user administrator capability (for example, Create User or Enable User). 

Accounts -> List Accounts (edit only) and Find Users tabs. 

Audit Policy Administrator 

Create, modify, and delete audit policies. 

Compliance -> Manage Policies tab 

Audit Policy Scan Report Administrator 

Run or schedule audit policy scan tasks. 

Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs 

Audit Report Administrator 

Create, modify, delete, and execute audit reports. 

Access to AuditLog, Historical User Changes, Individual User AuditLog, and Usage reports only. 

Reports -> Run Reports tab and View Reports tab.  

AuditLog Report Administrator 

Create, modify, delete, and execute the AuditLog Report. 

Reports -> Run Reports tab 

Audited Attribute Report Administrator 

Create, modify, delete, and execute the Audited Attribute Report. 

Reports -> Run Reports tab and View Reports tab 

Auditor Access Scan Administrator 

Create, edit, and delete Periodic Access Review scans 

Compliance -> Manage Access Scans tab 

Auditor Administrator 

Set up, manage, and monitor audit policies, audit scans, and user compliance. 

Accounts -> List Accounts tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs 

Reports -> Run Reports tab and View Reports tab 

Compliance -> Manage Policies, Manage Access Scans, and Access Reviews tabs 

Auditor Attestor 

Required to attest other users’ attestations while organization security is enabled. 

Default Passwords and Work Items tabs only 

Auditor Periodic Access Review Administrator 

Manage Periodic Access Reviews (PAR), manage access scans, manage attestations, manage PAR reports. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Compliance -> Manage Access Scans tab and Access Review tab 

Auditor Remediator 

Remediate, mitigate, and forward audit policy violations. 

Default Passwords and Work Items tabs only 

Auditor Report Administrator 

Create, modify, delete, and execute any of the Auditor Reports. 

Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs 

Reports -> all actions on auditor reports 

Auditor View User 

View compliance information associated with user. 

Accounts -> List Accounts tab and Find Users tab 

Audit Policy Violation History Administrator 

Create, modify, delete, and execute the Audit Policy Violation History report.

Reports -> Run Reports tab 

Bulk Account Administrator 

Perform regular and bulk operations on users, including assigning capabilities. 

Accounts -> List Accounts, Find Users, Launch Bulk Actions, Extract to File, Load from File, and Load from Resource tabs 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Bulk Change Account Administrator 

Perform regular and bulk operations except delete on existing users, including assigning capabilities. 

Cannot create or delete users. 

Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs.  

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Bulk Change Resource Password Administrator 

Change the password for the specified resource connection account on the specified resources. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Resources -> List Resources tab and Launch Bulk Actions tab 

Bulk Change User Account Administrator 

Perform regular and bulk operations except delete on existing users. 

Cannot create, delete, or assign capabilities to users. 

Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs.  

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Create Users 

Assign resources and initiate user create requests (on individual users and by using bulk operations). 

Accounts -> List Accounts (Create only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Delete Users 

Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Delete IDM Users 

Delete existing Identity Manager user accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Delete only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Deprovision User 

Delete and unlink existing resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Deprovision only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Disable User 

Disable existing users and resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Disable only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Enable User 

Enable existing users and resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Enable only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Bulk Reset Resource Password Administrator 

Reset the password for the specified resource connection account on the specified resources. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab and Launch Bulk Actions tab 

Bulk Unassign User 

Unassign and unlink existing resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Unassign only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Bulk Unlink User 

Unlink existing resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (Unlink only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Bulk Update Users 

Edit, move, and update existing users and resource accounts (on individual users and by using bulk operations). 

Accounts -> List Accounts (edit, move, and update actions only), Find Users, and Launch Bulk Actions tabs 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Bulk User Account Administrator 

Perform all regular and bulk operations on users. 

Accounts -> List Accounts, Find Users, Launch Bulk Actions, Extract to File, Load from File, and Load from Resource tabs 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Business Role Administrator 

Create, edit, and delete Business Roles. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles) 

Roles -> List Roles tab and Find Roles tab 

Capability Administrator 

Create, modify, and delete capabilities. 

Security -> Capabilities tab 

Change Account Administrator 

Perform all operations except delete on existing users, including assigning capabilities. Does not include bulk operations.

Create admin and user reports, run and edit admin reports, run AuditLog reports in scope.  

Cannot run admin or user reports on out-of-scope organizations. Cannot delete users. 

Accounts -> List Accounts tab and Find Users tab 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Change Resource Active Sync Administrator 

Change Active Sync resource parameters. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab 

Change Password Administrator 

Change user and resource account passwords. 

Access to Export Password Scan task only (from Run Tasks tab) 

Accounts -> List Accounts tab and Find Users tab 

Passwords -> Change User Password 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs.  

Roles -> List Roles tab and Find Roles tab 

Change Password Administrator (Verification Required) 

Change user and resource account passwords following successful validation of the user’s authentication question answers. 

Access to Export Password Scan task only (from Run Tasks tab) 

Accounts -> List Accounts tab and Find Users tab  

Passwords -> Change User Password tab (verification required before action) 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs  

Roles -> List Roles tab and Find Roles tab 

Change Resource Password Administrator 

Change resource administrator account passwords. Change resource passwords only (from Manage Connection -> Change Password in the actions menu).

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab.  

Change User Account Administrator 

Perform all operations on existing users except deletes and bulk operations. Also cannot create, delete, or assign capabilities to users. 

Accounts -> List Accounts tab and Find Users tab 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Configure Audit 

Configure the events and configuration groups audited in the system. 

Configure -> Audit tab 

Configure Certificates 

Configure trusted certificates and CRLs. 

Security -> Certificates tab 

Control Active Sync Resource Administrator 

Control Active Sync resource state (such as start, stop, and refresh) 

Resources -> List Resources tab 

For Active Sync resources: Active Sync actions menu 

Create User 

Assign resources and initiate user create requests. Does not include bulk operations.

Accounts -> List Accounts (Create only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Data Warehouse Administrator 

Configure Data Exporter and run the Data Warehouse Exporter Launcher task. 

Reports -> Dashboard Graphs tab and View Dashboards tab 

Resources -> List Resources tab 

Configure -> Warehouse tab 

Data Warehouse Query 

Configure and run forensic queries 

Reports -> Dashboard Graphs tab and View Dashboards tab 

Resources -> List Resources tab 

Compliance -> Forensic Query 

Delete User 

Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts. Does not include bulk operations. 

Accounts -> List Accounts (Delete only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Delete IDM User 

Delete Identity Manager user accounts. Does not include bulk operations. 

Accounts -> List Accounts (Delete only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Deprovision User 

Delete and unlink existing resource accounts. Does not include bulk operations. 

Accounts -> List Accounts (Deprovision only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Disable User 

Disable existing users and resource accounts. Does not include bulk operations.

Accounts -> List Accounts (Disable only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Enable User 

Enable existing users and resource accounts. Does not include bulk operations.

Accounts -> List Accounts (Enable only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

End User Administrator 

View and modify the rights to object types specified in the End User capability and the End User Controlled Organizations rule. 

All default tabs 

External Resource Administrator 

View and configure external resources only. Cannot create new resources. 

Configure -> External Resources tab 

Configure Identity Manager Schema 

View and configure the effective schema for Users or Roles using the Identity Manager configuration object IDM Schema Configuration.

All default tabs 

Import User 

Import users from defined resources. 

Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs 

Roles -> List Roles tab and Find Roles tab 

Import/Export Administrator 

Import and export all types of objects. 

Configure -> Import Exchange File tab 

IT Role Administrator 

Create, edit, and delete IT Roles. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles) 

Roles -> List Roles tab and Find Roles tab 

Login Administrator 

Edit the set of login modules for a given login interface. 

Security -> Login tab 

Organization Administrator 

Create and edit organizations and directory junctions. Delete organizations only. 

Accounts -> List Accounts tab 

Organization Approver 

Approve requests for new organizations. 

Default Passwords and Work Items tabs only 

Organization Violation History Administrator 

Create, edit, delete, and execute the Organization Violation History reports only. 

Reports -> Run Reports tab 

Password Administrator 

List, change, and reset user and resource account passwords. 

Accounts -> List Accounts tab and Find Users tab

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Password Administrator (Verification Required) 

List, change, and reset user and resource account passwords only. Successful validation of the user’s authentication question answers required before action succeeds. 

Accounts -> List Accounts tab and Find Users tab 

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Perform Debug 

Access and execute operations from the Identity Manager debug pages. 


Note –

The Identity Manager debug pages cannot be accessed from the menu. To access the debug pages, type the following URL into your browser:

http://<AppServerHost>:<Port>/idm/debug


All default tabs 

Policy Administrator 

Create, edit, and delete Policies. 

Security -> Policies tab 

Policy Summary Report Report Administrator 

Create, edit, delete, and execute the Policy Summary Reports. 

Reports -> Run Reports tab and View Reports tab

Register Identity Manager Product Component 

Register an installation of Identity Manager with Sun Microsystems or create a local service tag. 

Configure -> Product Registration tab 

Reconcile Administrator 

Edit reconciliation policies and control reconciliation tasks. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (View reconcile task). 

Resources -> List Resources tab and Examine Account Index tab 

Reconcile Report Administrator 

Create, edit, delete, and run reconciliation reports. 

Reports -> Run Reports tab (Account Index report only) and View Reports tab 

Reconcile Request Administrator 

Manage reconciliation requests. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab (list and reconciliation features only) and View Reports tab 

Remedy Integration Administrator 

Edit Remedy integration configuration (view tasks, run role synchronization). 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Configure -> Remedy Integration tab 

Rename User 

Rename existing users and resource accounts (list all accounts in scope, rename users). 

Accounts -> List Accounts tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Report Administrator 

Configure audit settings and run all report types (view tasks, run role synchronization). 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Reports -> Run Reports, View Reports, Run Risk Analysis, and View Risk Analysis tabs 

Roles -> List Roles tab and Find Roles tab 

Configure -> Audit tab 

Reset Password Administrator 

Reset user and resource account passwords. 

Accounts -> List Accounts tab and Find Users tab (Reset Password only) 

Passwords -> Reset User Password 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (No tasks are available to users with this capability) 

Roles -> List Roles tab and Find Roles tab 

Reset Password Administrator (Verification Required) 

Reset user and resource account passwords. Successful validation of the user’s authentication question answers is required before action succeeds. 

Accounts -> List Accounts tab and Find Users tab 

Passwords -> Reset User Password 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (No tasks are available to users with this capability) 

Roles -> List Roles tab and Find Roles tab 

Reset Resource Password Administrator 

Reset resource administrator account passwords (from Manage Connection -> Reset Password in the actions menu). 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab  

Resource Administrator 

Create, edit, and delete resources. Resource User Report and Resource Group Report return an error on out-of-scope resources. Edit global policies, parameters, and resource groups. Cannot manage connections or resource objects.

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources, List Resource Groups, and Examine Account Index tabs  

Configure -> Connector Servers 

Resource Approver 

Approve resource assignments 

All default Passwords and Work Items tabs 

Resource Group Administrator 

Create, edit, and delete resource groups. 

Resources -> List Resource Groups tab 

Resource Object Administrator 

View, create, modify, and delete resource objects. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab 

Resource Password Administrator 

Change and reset resource proxy account passwords. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Resources -> List Resources tab (Change resource password only from Manage Connection -> Change Password in the actions menu) 

Resource Report Administrator 

Create, edit, delete, and run resource reports. 

Reports -> Run Reports tab and View Reports tab 

Resource Violation History Administrator 

Create, edit, delete, and execute Resource Violation History reports. 

Reports -> Run Reports 

Risk Analysis Administrator 

Create, edit, delete, and run risk analysis. 

Reports -> Risk Analysis tab and View Risk Analysis tab 

Role Administrator 

Create, edit, synchronize, and delete roles. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Role Approver 

Approve role assignments 

All default Passwords and Work Items tabs 

Role Report Administrator 

Create, edit, delete, and run resource reports. 

Reports -> Run Reports tab and View Reports tab 

Roles -> List Roles tab 

Run Access Review Detail Report 

Run the Access Review Detail Report 

Reports -> Run Reports tab and View Reports tab 

Run Access Review Summary Report 

Run the Access Review Summary Report 

Reports -> Run Reports tab and View Reports tab 

Run Admin Report 

Run administrator reports. 

Reports -> Run Reports tab and View Reports tab 

Run Audit Policy Scan Report 

Run the Audit Policy Scan Report. 

Server Tasks -> All Tasks, Find Tasks, and Run Tasks only 

Run Audit Report 

Run Audit, AuditLog, Historical User Changes, Individual User AuditLog, and Usage reports only. 

Reports -> Run Reports tab and View Reports tab 

Run Audited Attribute Report 

Execute and view the Audited Attribute Report. 

Reports -> Run Reports tab and View Reports tab 

Run Auditor Report 

Run all reports of the type, AuditLog Report. 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Reports -> Run Reports tab and View Reports tab 

Run AuditLog Report 

Execute and view the AuditLog, Today's Activity and Weekly Activity reports. 

Reports -> Run Reports 

Run Audit Policy Violation History 

Execute and view the Organization Violation History report and Today's Activity and Weekly Activity report. 

Reports -> Run Reports 

Run Policy Summary Report 

Execute and view the Policy Summary Report. 

Reports -> Run Reports tab and View Reports tab 

Run Organization Violation History 

Execute the Organization Violation History report. 

Reports -> Run Reports tab 

Run Reconcile Report 

Execute and view Account Index reports. 

Reports -> Run Reports tab and View Reports tab 

Run Resource Report 

Execute and view Resource User and Resource Group reports. 

Reports -> Run Reports tab and View Reports tab 

Run Resource Violation History 

Execute Resource Violation History reports. 

Reports -> Run Reports tab 

Run Risk Analysis 

Execute and view risk analyses. 

Reports -> Run Risk Analysis tab and View Risk Analysis tab 

Run Role Report 

Execute and view role reports. 

Reports -> Run Reports tab and View Reports tab 

Roles -> List Roles tab 

Run Separation of Duties Report 

Execute and view Separation of Duties Reports. 

Reports -> Run Reports tab and View Reports tab 

Run Task Report 

Execute and view task reports. 

Reports -> Run Reports tab and View Reports tab 

Run User Access Report 

Execute and view Detailed User Reports and User Access reports. 

Reports -> Run Reports tab and View Reports tab 

Run User Report 

Execute and view user reports. 

Reports -> Run Reports tab and View Reports tab 

Run Violation Summary Report 

Execute the Violation Summary report. 

Reports -> Run Reports tab 

Security Administrator 

Create users with capabilities; enable and disable users; list and control resource objects; and manage encryption keys, log-in and audit configurations, and policies.

Accounts -> List Accounts (some actions) tab and Find Users tab (audit report) 

Passwords -> Change User Password tab and Reset User Password tab

Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Configure Tasks tabs 

Reports -> Run Reports, View Reports, Dashboard Graphs, View Dashboards, and Configure Reports 

Resources -> List Resources  

Configure -> Audit tab and Warehouse tab

Security -> Certificates, Login, and Policies tabs 

Service Provider -> Edit User Search Configuration 

Separation of Duties Report Administrator 

Create, edit, execute, view, and delete Separation of Duties Reports. 

Reports -> Run Reports tab and View Reports tab 

Service Provider Admin Role Administrator 

Manage Service Provider Admin Roles and the associated rules. 

Security -> Admin Roles tab 

Service Provider Administrator 

Create, edit, and manage service provider users and transactions; configure the transaction database and tracked events. 

Accounts -> Manage Service Provider Users tab 

Server Tasks -> Service Provider Transactions tab 

Reports -> Dashboard Graphs tab 

Reports -> View Dashboards tab 

Service Provider -> Edit Main Configuration, Edit Transaction Configuration, and Edit User Search Configuration tabs 

Service Provider Create User 

Create user accounts for service provider (extranet) users. 

Accounts -> Manage Service Provider Users tab 

Service Provider Delete User 

Delete a service provider user account. 

Accounts -> Manage Service Provider Users tab 

Service Provider Update User 

Update a service provider user account. 

Accounts -> Manage Service Provider Users tab 

Service Provider User Administrator 

Manage service provider (extranet) users. 

Accounts -> Manage Service Provider Users 

Service Provider View User 

View service provider (extranet) user account information. 

Accounts -> Manage Service Provider Users tab

Task Report Administrator 

Create, edit, delete, execute and view task reports. 

Reports -> Run Reports tab and View Reports tab 

Unassign User 

Unassign and unlink existing resource accounts. Does not include bulk operations. 

Accounts -> List Accounts (Unassign only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Unlink User 

Unlink existing resource accounts. Does not include bulk operations. 

Accounts -> List Accounts (Unlink only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

Unlock User 

Unlock existing user’s resource accounts that support unlock. Does not include bulk operations. 

Accounts -> List Accounts (Unlock only) tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

Update User 

Edit existing users and initiate user update requests. Manage existing server tasks. 

Accounts -> List Accounts tab and Find Users tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs

Roles -> List Roles tab and Find Roles tab 

User Access Report Administrator 

Create, edit, delete, execute, and view User Access Reports. 

Reports -> Run Reports tab and View Reports tab 

User Account Administrator 

Perform all operations on users, except assigning user capabilities.

Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs.  

Passwords -> Change User Password tab and Reset User Password tab 

Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs 

Roles -> List Roles tab and Find Roles tab 

User Report Administrator 

Create, edit, delete, execute and view user reports. 

Reports -> Run Reports tab and View Reports tab 

View Application 

List Application type roles and view Application type role information. No change actions allowed. 

Roles -> List Roles tab and Find Roles tab 

View Asset 

List Asset type roles and view Asset type role information. No change actions allowed. 

Roles -> List Roles tab and Find Roles tab 

View Business Role 

List Business roles and view Business role information. No change actions allowed. 

Roles -> List Roles tab and Find Roles tab 

View IT Role 

List IT roles and view IT role information. No change actions allowed. 

Roles -> List Roles tab and Find Roles tab 

View Role 

List all role types and view all role information. No change actions allowed. 

Roles -> List Roles tab and Find Roles tab 

View User 

View individual user details. No change actions allowed. 

Accounts -> List Accounts tab and Find Users tab 

Violation Summary Report Administrator 

Create, edit, delete, and execute Violation Summary reports. 

Reports -> Run Reports tab 

Identity System Administrator 

Perform system-wide tasks, such as editing system configuration objects, synchronizing roles, editing source adapter templates, and running reports. 

Server Tasks -> Find Tasks, All Tasks, Run Tasks, Manage Schedule, and Configure Tasks tabs 

Reports -> Run Reports, View Reports, Dashboard Graphs, View Dashboards, and Configure Reports tabs 

Resources -> List Resources 

Configure -> Audit, Warehouse, Email Templates, Form and Process Mappings, Servers, User Interface, and Product Registration tabs 

Compliance -> Access Reviews 

Security -> Certificates