Sun[TM] Identity Manager 8.0 Administration 

Appendix D
Capabilities Definitions

This appendix is organized into the following sections:

Task-Based Capabilities Definitions
Functional Capabilities Definitions

For general information about capabilities, see Understanding and Managing Capabilities.


Note

All capabilities grant the user or administrator access to the Passwords > Change My Password and Change My Answers tabs.



Task-Based Capabilities Definitions

This section describes each of the task-based capabilities that can be assigned to users. It also lists the tabs and subtabs that can be accessed with each capability. Capabilities are listed in alphabetical order by name.

Table D-1  Identity Manager Task-Based Capabilities Definitions

Capability

Allows the Administrator/User to:

Can Access These Tabs and Subtabs:

Access Review Detail Report Administrator

Create, edit, delete, and execute Access Review Detail Reports

Reports > Run Reports tab, View Reports tab - Access Review Detail Reports only

Reports > View Dashboards

Access Review Summary Report Administrator

Create, edit, delete, and execute Access Review Summary Reports

Reports - Access Review Summary Reports only

Reports > View Dashboards

Account Administrator

Perform all operations on users, including assigning capabilities. Does not include bulk operations.

Accounts - List Accounts, Find Users, Extract to File, Load from File, Load from Resource tabs

Passwords - All subtabs

Work Items - Approvals subtab

Tasks - All subtabs

Admin Report Administrator

Create, edit, delete, and run administrator reports.

Reports - Manage Reports, Run Reports subtabs (Administrator report only)

Admin Role Administrator

Create, edit, and delete admin roles.

Security - Admin Roles subtab

Application Administrator

Create, edit, and delete Application roles.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (synchronize roles)

Roles - All subtabs

Approver Administrator

Approve or reject requests initiated by other users.

Default only

Asset Administrator

Create, edit, and delete Asset roles.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (synchronize roles)

Roles - All subtabs

Assign Audit Policies

Assign audit policies to user accounts and organizations.

Accounts - Edit User Audit Policy from the User Actions list.

Accounts - Edit Organization Audit Policy from the Organization Actions list.

Assign Organization Audit Policies

Assign audit policies to organizations only.

Accounts - Edit Organization Audit Policy from the Organization Actions list; List Accounts tab

Assign User Audit Policies

Assign audit policies to users only.

Accounts - Edit User Audit Policy from the User Actions list; List Accounts tab; Find Users tab

Assign User Capabilities

Change user capabilities assignments (assign and unassign).

Accounts - List Accounts (Edit only), Find Users subtabs.

Must be assigned with another user administrator capability (for example, Create User or Enable User).

Audit Policy Administrator

Create, modify, and delete audit policies.

Compliance - Manage Policies

Audit Policy Scan Report Administrator

Create, modify, delete, and execute the Audit Policy Scan Report.

Reports - Audit Policy Scan reports only

Audit Report Administrator

Create, modify, delete, and execute audit reports.

Reports - Audit report only

Audited Attribute Report Administrator

Create, modify, delete, and execute the Audited Attribute Report.

Reports - Audited Attribute reports only

AuditLog Report Administrator

Create, modify, delete, and execute the AuditLog Report.

Reports - AuditLog reports only

Auditor Access Scan Administrator

Create, edit, and delete Periodic Access Review scans

Compliance - Manage Access Scans

Auditor Administrator

Set up, manage, and monitor audit policies, audit scans and user compliance.

Compliance - All subtabs

Reports - Run Reports, View Reports, and manage Auditor Reports

Accounts - Edit User Audit Policies and Edit Organization Audit Policies actions.

Auditor Attestor

Required to attest other users’ attestations while organization security is enabled.

Default only

Auditor Periodic Access Review Administrator

Manage Periodic Access Reviews (PAR), manage access scans, manage attestations, manage PAR reports.

Compliance - Manage Access Scans, Access Review subtabs

Auditor Remediator

Remediate, mitigate, and forward audit policy violations.

Remediations - All subtabs

Auditor Report Administrator

Create, modify, delete, and execute any of the Auditor Reports.

Reports - all actions on auditor reports

Auditor View User

View compliance information associated with user.

Accounts - List Accounts, Find Users tabs

AuditPolicy Violation History Administrator

Create, modify, delete, and execute the AuditPolicy Violation History report.

Reports - AuditPolicy Violation History reports only

Bulk Account Administrator

Perform regular and bulk operations on users, including assigning capabilities.

Accounts - All subtabs

Passwords - All subtabs

Approvals - All subtabs

Tasks - All subtabs

Bulk Change Account Administrator

Perform regular and bulk operations except delete on existing users, including assigning capabilities.

Accounts - List Accounts, Find Users, Launch Bulk Actions subtabs. Cannot create or delete users.

Passwords - All subtabs

Approvals - All subtabs

Tasks - All subtabs

Bulk Change Resource Password Administrator

Change the password for the specified resource connection account on the specified resources.

Resources - Launch Bulk Actions subtab

Bulk Change User Account Administrator

Perform regular and bulk operations except delete on existing users.

Accounts - List Accounts, Find Users, Launch Bulk Actions subtabs. Cannot create, delete, or assign capabilities to users.

Passwords - All subtabs

Tasks - All subtabs

Bulk Create User

Assign resources and initiate user create requests (on individual users and by using bulk operations).

Accounts - List Accounts (Create only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Delete User

Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Create only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Delete IDM User

Delete existing Identity Manager user accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Delete only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Deprovision User

Delete and unlink existing resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Deprovision only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Disable User

Disable existing users and resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Disable only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Enable User

Enable existing users and resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Enable only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Reset Resource Password Administrator

Reset the password for the specified resource connection account on the specified resources.

Resources - Launch Bulk Actions subtab

Bulk Unassign User

Unassign and unlink existing resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Unassign only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Unlink User

Unlink existing resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Unlink only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk Update User

Update existing users and resource accounts (on individual users and by using bulk operations).

Accounts - List Accounts (Update only), Find Users, Launch Bulk Actions subtabs

Tasks - All subtabs

Bulk User Account Administrator

Perform all regular and bulk operations on users.

Accounts - All subtabs

Passwords - All subtabs

Tasks - All subtabs

Business Role Administrator

Create, edit, and delete Business Roles.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (synchronize roles)

Roles - All subtabs

Capability Administrator

Create, modify, and delete capabilities.

Configure - Capabilities subtab

Change Account Administrator

Perform all operations except delete on existing users, including assigning capabilities. Does not include bulk operations.

Accounts - All subtabs. Cannot delete users.

Passwords - All subtabs

Approvals - All subtabs

Tasks - All subtabs

Reports - Create admin and user reports, run and edit admin reports, run AuditLog reports in scope. Cannot run admin and user reports on out-of-scope organizations.

Change Active Sync Resource Administrator

Change active sync resource parameters.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

Resources - For Active Sync resources: Edit actions menu, Edit Active Sync Parameters

Change Password Administrator

Change user and resource account passwords.

Accounts - List Accounts, Find Users subtabs (Change Password only)

Passwords - All subtabs

Tasks - All subtabs. Export Password Scan task only (from Run Tasks subtab)

Change Password Administrator (Verification Required)

Change user and resource account passwords following successful validation of the user's authentication question answers.

Accounts - List Accounts, Find Users subtabs (Change Password only; verification required before action)

Passwords - All subtabs

Tasks - All subtabs. Export Password Scan task only (from Run Tasks subtab)

Change Resource Password Administrator

Change resource administrator account passwords.

Tasks - All subtabs

Resources - List Resources subtab. Change resource password only (from Manage Connection-->Change Password in the actions menu)

Change User Account Administrator

Perform all operations except delete on existing users. Does not include bulk operations.

Accounts - List Accounts, Find Users subtabs. Cannot create, delete, or assign capabilities to users.

Passwords - All subtabs

Tasks - All subtabs

Configure Audit

Configure the events and configuration groups audited in the system.

Configure - Audit Events subtab

Configure Certificates

Configure trusted certificates and CRLs.

Security - Certificates subtab

Control Active Sync Resource Administrator

Control Active Sync resource state (such as start, stop, and refresh)

Tasks - Find Tasks, All Tasks, Run Tasks

Resources - For Active Sync resources: Active Sync actions menu (all selections)

Create User

Assign resources and initiate user create requests. Does not include bulk operations.

Accounts - List Accounts (Create only), Find Users subtabs

Tasks - All subtabs

Data Warehouse Administrator

Configure Data Exporter and run the Data Warehouse Exporter Launcher task.

Configure - Warehouse subtab

Data Warehouse Query

Configure and run forensic queries

Compliance / Forensic Query

Debug

Access and execute operations from the Identity Manager debug pages.

The Identity Manager debug pages cannot be accessed from the menu. To access the debug pages, type the following URL into your browser:

http://<AppServerHost>:<Port>/idm/debug

Delete User

Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts. Does not include bulk operations.

Accounts - List Accounts (Delete only), Find Users subtabs

Tasks - All subtabs

Delete IDM User

Delete Identity Manager user accounts. Does not include bulk operations.

Accounts - List Accounts (Delete only), Find Users subtabs

Tasks - All subtabs

Deprovision User

Delete and unlink existing resource accounts. Does not include bulk operations.

Accounts - List Accounts (Deprovision only), Find Users subtabs

Tasks - All subtabs

Disable User

Disable existing users and resource accounts. Does not include bulk operations.

Accounts - List Accounts (Disable only), Find Users subtabs

Tasks - All subtabs

Enable User

Enable existing users and resource accounts. Does not include bulk operations.

Accounts - List Accounts (Enable only), Find Users subtabs

Tasks - All subtabs

End User Administrator

View and modify the rights to object types specified in the End User capability and the End User Controlled Organizations rule.

NA

IDM Schema Configuration

View and configure the effective schema for Users or Roles using the Identity Manager configuration object IDM Schema Configuration.

NA

Import User

Import users from defined resources.

Accounts - Extract to File, Load from File, Load from Resource subtabs

Import/Export Administrator

Import and export all types of objects.

Configure - Import Exchange File subtab

IT Role Administrator

Create, edit, and delete IT Roles.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (synchronize roles)

Roles - All subtabs

Login Administrator

Edit the set of login modules for a given login interface.

Configure - Login subtab

Organization Administrator

Create, edit, and delete organizations.

Accounts - List Accounts subtab (Edit and create organizations and directory junctions, delete organizations only)

Organization Approver

Approve requests for new organizations.

Work Items - Approvals subtab

Organization Violation History Administrator

Create, modify, delete, and execute the Organization Violation History report.

Reports - Organization Violation History reports only

Password Administrator

Change and reset user and resource account passwords.

Accounts - List Accounts (list, change, and reset passwords only), Find Users subtabs

Passwords - All subtabs

Tasks - All subtabs

Password Administrator (Verification Required)

Change and reset user and resource account passwords following successful validation of the user's authentication question answers.

Accounts - List Accounts (list, change, and reset passwords only; verification required before action succeeds), Find Users subtabs

Passwords - All subtabs

Tasks - All subtabs

Policy Administrator

Create, edit, and delete Policies.

Configure - Policy subtab

Policy Summary Report Administrator

Create, modify, delete, and execute the Policy Summary Report.

Reports - Policy Summary reports only

Product Registration

Register an installation of Identity Manager with Sun Microsystems or create a local service tag.

Configure - Product Registration subtab

Reconcile Administrator

Edit reconciliation policies and control reconciliation tasks.

Server Tasks - All subtabs (View reconcile task).

Resources - List Resources subtab

Reconcile Report Administrator

Create, edit, delete, and run reconciliation reports.

Reports - Run Reports (Account Index report only), Manage Reports subtabs

Reconcile Request Administrator

Manage reconciliation requests.

Tasks - All subtabs

Resources - List Resources subtab (list and reconciliation features only)

Remedy Integration Administrator

Modify Remedy integration configuration.

Tasks - All subtabs (view tasks, run role synchronization)

Configure - Remedy Integration subtab

Rename User

Rename existing users and resource accounts.

Accounts - List Accounts subtab (list all accounts in scope, rename users)

Report Administrator

Configure audit settings and run all report types.

Tasks - All subtabs (view tasks, run role synchronization)

Reports - All subtabs

Reset Password Administrator

Reset user and resource account passwords.

Accounts - List Accounts, Find Users subtabs (Reset Password only)

Passwords - All subtabs

Tasks - All subtabs. Export Password Scan task only (from Run Tasks subtab)

Reset Password Administrator (Verification Required)

Reset user and resource account passwords following successful validation of the user's authentication question answers.

Accounts - List Accounts, Find Users subtabs (Reset Password only; verification required before action succeeds)

Passwords - All subtabs

Tasks - All subtabs. Export Password Scan task only (from Run Tasks subtab)

Reset Resource Password Administrator

Reset resource administrator account passwords.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

Resources - List Resources subtab. Reset resource password only (from Manage Connection-->Reset Password in the actions menu)

Resource Administrator

Create, modify, and delete resources.

Reports - Resource user report, resource group report returns error on out-of-scope resources.

Resources - List Resources subtab (edit global policy, edit parameters, resource groups. Cannot manage connection or resource objects).

Resource Approver

Approve resource assignments

Work Items - Approvals subtab

Resource Group Administrator

Create, edit, and delete resource groups.

Resources - List Resource Groups subtab

Resource Object Administrator

Create, modify, and delete resource objects.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (view tasks involving resource objects).

Resources - List Resources subtab (list and manage resource objects only)

Resource Password Administrator

Change and reset resource proxy account passwords.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

Resources - List Resources subtab. Change resource password only (from Manage Connection-->Change Password in the actions menu)

Resource Report Administrator

Create, edit, delete, and run resource reports.

Reports - All subtabs (resource reports only)

Resource Violation History Administrator

Create, modify, delete, and execute the Resource Violation History report.

Reports - Resource Violation History reports only

Risk Analysis Administrator

Create, edit, delete, and run risk analysis.

Risk Analysis - All subtabs

Role Administrator

Create, modify, and delete roles.

Tasks - Find Tasks, All Tasks, Run Tasks subtabs (synchronize roles)

Roles - All subtabs

Role Approver

Approve role assignments

Work Items - Approvals subtab

Role Report Administrator

Create, edit, delete, and run resource reports.

Reports - Role reports only

Run Access Review Detail Report

Run the Access Review Detail Report

Reports - Access Review Detail Report only

Run Access Review Summary Report

Run the Access Review Summary Report

Reports - Access Review Summary Report only

Run Admin Report

Run administrator reports.

Reports - Admin reports only

Run Audit Policy Scan Administrator

Run and manage the Audit Policy Scan Report

Reports - Audit Policy Scan report only

Run Audit Policy Scan Report

Run the Audit Policy Scan Report.

Reports - Audit Policy Scan reports only

Run Audit Report

Run audit reports.

Reports - AuditLog and Usage reports only

Run Audited Attribute Report

Execute the Audited Attribute Report.

Reports - Audited Attribute reports only

Reports > View Dashboards

Run Auditor Report

Run any Auditor Report.

Reports - any auditor report

Reports > View Dashboards

Run AuditLog Report

Execute the AuditLog Report.

Reports - AuditLog reports only

Run AuditPolicy Violation History

Execute the Organization Violation History report.

Reports - AuditPolicy Violation History reports only

Reports > View Dashboards

Run Policy Summary Report

Execute the Policy Summary Report.

Reports - Policy Summary reports only

Run Organization Violation History

Execute the Organization Violation History report.

Reports - Organization Violation History reports only

Reports > View Dashboards

Run Reconcile Report

Run reconciliation reports.

Reports - AuditLog and Usage reports only

Run Resource Report

Run resource reports.

Reports - AuditLog and Usage reports only

Run Resource Violation History

Execute the Resource Violation History report.

Reports - Resource Violation History reports only

Run Risk Analysis

Run risk analysis.

Reports - Run Risk Analysis, View Risk Analysis subtabs

Run Role Report

Run role reports.

Reports - Role reports only

Run Separation of Duties Report

Run a Separation of Duties Report

Reports - Separation of Duties Report only

Reports > View Dashboards

Run Task Report

Run task reports.

Reports - Task reports only

Run User Access Report

Execute the Detailed User Report.

Reports - User Access reports only

Reports > View Dashboards

Run User Report

Run user reports.

Reports - User reports only

Run Violation Summary Report

Execute the Violation Summary report.

Reports - Violation Summary reports only

Reports > View Dashboards

Security Administrator

Create users with capabilities; manage encryption keys, login configuration, and policies.

Accounts - List Accounts (delete, create, update, edit, change and edit passwords), Find Users subtabs (audit report)

Passwords - All subtabs

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

Reports - All subtabs

Resources - List Resources (list and control resource objects)

Security - Policies, Login subtabs

Separation of Duties Report Administrator

Create, edit, run, and delete a Separation of Duties Report.

Reports - all actions for Separation of Duties Report only

Service Provider Admin Role

Manage Service Provider Admin Roles and the associated rules.

Security - Admin Roles tab

Service Provider Administrator

Create, edit, and manage service provider users and transactions; configure the transaction database and tracked events.

Accounts - Manage Service Provider Users subtab

Server Tasks > Service Provider Transactions tab

Reports > View Dashboards tab

Reports > Dashboard Configuration tab

Service Provider - all subtabs

Service Provider Create User

Create user accounts for service provider (extranet) users.

Accounts - Manage Service Provider Users subtab

Service Provider Delete User

Delete a service provider user account.

Accounts - Manage Service Provider Users subtab

Service Provider Update User

Update a service provider user account.

Accounts - Manage Service Provider Users subtab

Service Provider User Administrator

Manage service provider (extranet) users.

Accounts > Manage Service Provider Users - all subtabs

Service Provider View User

View service provider (extranet) user account information.

Accounts - Manage Service Provider Users subtab

SPML Access

Allows access to the Service Provisioning Markup Language (SPML) features in Identity Manager.

Security - Capabilities subtab

Task Report Administrator

Create, edit, delete, and run task reports.

Reports - Task Report only.

Unassign User

Unassign and unlink existing resource accounts. Does not include bulk operations.

Accounts - List Accounts (Unassign only), Find Users subtabs

Tasks - All subtabs

Unlink User

Unlink existing resource accounts. Does not include bulk operations.

Accounts - List Accounts (Unlink only), Find Users subtabs

Tasks - All subtabs

Unlock User

Unlock existing user’s resource accounts that support unlock. Does not include bulk operations.

Accounts - List Accounts (Unlock only), Find Users subtabs

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

Update User

Edit existing users and initiate user update requests.

Accounts - Edit and update users

Tasks - Manage existing tasks (from the All Tasks subtab)

User Access Report Administrator

Create, run, edit, and delete a User Access Report

Reports - User Access Report only

Reports > View Dashboards

User Account Administrator

All operations on users.

Accounts - List Accounts, Find Users, Extract to File, Load from File, Load from Resource subtabs. Cannot assign user capabilities (Security form tab on List Accounts subtab).

Tasks - Find Tasks, All Tasks, Run Tasks subtabs

User Report Administrator

Create, edit, delete, and run user reports.

Reports - Run user reports.

View User

View individual user details.

Accounts - Select users from the list to view individual user account information. No change actions allowed.

Violation Summary Report Administrator

Create, modify, delete, and execute the Violation Summary report.

Reports - Violation Summary reports only

Reports > View Dashboards

Waveset Administrator

Perform system-wide tasks, such as modification of system configuration objects.

Server Tasks - All subtabs. Synchronize roles, edit source adapter template, and schedule reports

Reports - All subtabs

Resources - List Resources (list only; no change actions allowed)

Configure - Audit, Email Templates, Form and Process Mappings, and Servers subtabs


Functional Capabilities Definitions

Functional capabilities consist of task-based capabilities, as well as other functional capabilities.

Account Administrator
Admin Role Administrator
Auditor Administrator
Auditor Report Administrator
Auditor View User
Bulk Account Administrator
Bulk Change Account Administrator
Bulk Resource Administrator
Bulk Resource Password Administrator
Capability Administrator
Change Account Administrator
Configure Certificates
Data Warehouse Administrator
Data Warehouse Query
Debug
End User Administrator
IDM Schema Configuration
Import/Export Administrator
License Administrator
Login Administrator
Meta View Administrator
Organization Administrator
Password Administrator (Verification Required)
Policy Administrator
Product Registration
Reconcile Administrator
Remedy Integration Administrator
Report Administrator
Resource Administrator
Resource Object Administrator
Resource Password Administrator
Role Administrator
Security Administrator
Service Provider Administrator
Service Provider Admin Role Administrator
Waveset Administrator





Part No: 820-2954-10.   Copyright 2008 Sun Microsystems, Inc. All rights reserved.