Admin Roles (Sun Identity Manager Service Provider 8.1 Deployment)

Sun Identity Manager Service Provider 8.1 Deployment

Previous: Organization-Based Authorization
Next: Chapter 3 LighthouseContext API

Admin Roles

For granting fine-grain capabilities and scope of control on Service Provider users, use an Admin Role whose authType is ServiceProviderUserAdminRole. The Admin Roles can be configured to be dynamically assigned to one or more Identity Manager or Service Provider Users at login time.

Rules can be defined and applied to the Admin Roles that specify the capabilities (such as Service Provider Create User) of the members of that admin role.

To use Admin Role delegation for Service Provider users, you must enable it in the Identity Manager system configuration object. See Business Administrator's Guide for detailed information about this task.

To define this type of Admin Role, you must create one or more rules. See Delegated Administration for more information.

Previous: Organization-Based Authorization
Next: Chapter 3 LighthouseContext API