After new end users have been created in a suborganization they need to be assigned roles. Roles can be inherited from the parent organization.
Log in to the Access Manager admin console at http://hostname:port/amconsole.
Select the Identity Management tab.
Select Roles in the View drop down list in the navigation pane (the lower-left frame).
Click on the property arrow to the right of the role you wish to assign.
A page for that role appears in the data pane (the lower-right frame).
Select Users from the View drop down list in the data pane.
The Add Users page appears.
Enter a matching pattern to identify users.
For example, in the UserId field an asterisk, *, lists all users.
The Select User page appears.
On the Select User page, check the Show Parentage Path check box and click Refresh.
The parentage path is displayed.
Select the users to be assigned to this role.