Sun Identity Manager Deployment Guide

What are Authorization Types?

Identity Manager provides authorization types as a mechanism for assigning authorization rights to objects without requiring code changes. This extensible mechanism is independent of the repository storage type, and is especially useful for TaskDefinition and Configuration objects. Although these objects share the same repository type, each object type can perform vastly different functions that consequently require different authorization. For example, rules must have an authorization type of UserMembersRule to appear in the User Members Rules drop-down list. Both default and custom authorization types reside in the Configuration:AuthorizationTypes object.

Authorization types are repository-type independent, which means that you can define one authorization type and assign it to, for example, both Configuration and Rule objects. This allows you to use authorization types to filter lists of objects of a single type, or as a means of granting access to a related set of objects to a subset of Identity Manager administrators with a specific capability.