This section describes each of the task-based capabilities that can be assigned to users. It also lists the tabs and subtabs that can be accessed with each capability. Capabilities are listed in alphabetical order by name.
This table does not include information about default tabs and subtabs that are available to all users, such as the Change My Password tab.
Capability |
Allows the Administrator/User to |
Can Access These Tabs and Subtabs |
---|---|---|
Access Review Detail Report Administrator |
Create, edit, delete, and execute Access Review Detail Reports, Access Review Coverage Reports, and Access Scan User Scope Coverage Reports |
Reports -> Run Reports tab and View Reports tab |
Access Review Summary Report Administrator |
Create, edit, delete, and execute Access Review Summary Reports |
Reports -> Run Reports tab and View Reports tab |
Account Administrator |
Perform all operations on users, including assigning capabilities. Does not include bulk operations. |
Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Admin Report Administrator |
Create, edit, delete, and run Administrator reports and Admin role reports.. |
Reports -> Run Reports tab and View Reports tab (Administrator and Admin Role reports only) |
Admin Role Administrator |
Create, edit, and delete admin roles. |
Security -> Admin Roles tab |
Application Administrator |
Create, edit, and delete Application roles. |
Server Tasks -> Find Tasks, All Tasks, Run Tasks tabs (synchronize roles) Roles -> List Roles tab and Find Roles tab |
Asset Administrator |
Create, edit, and delete Asset roles. |
Server Tasks -> Find Tasks, All Tasks, Run Tasks tabs (synchronize roles) Roles -> List Roles tab and Find Roles tab |
Assign Audit Policies Administrator |
Assign audit policies to user accounts and organizations. Edit the User Audit Policy from the User Actions list and edit the Organization Audit Policy from the Organization Actions list. |
Accounts -> List Accounts tab and Find Users tab. |
Assign Organization Audit Policies Administrator |
Assign audit policies to organizations only. Edit the Organization Audit Policy from the Organization Actions list. |
Accounts -> List Accounts tab |
Assign User Audit Policies Administrator |
Assign audit policies to users only. Edit the User Audit Policy from the User Actions list |
Accounts -> List Accounts tab and Find Users tab |
Assign User Capabilities |
Change user capabilities assignments (assign and unassign). Must be assigned with another user administrator capability (for example, Create User or Enable User). |
Accounts -> List Accounts (edit only) and Find Users tabs. |
Audit Policy Administrator |
Create, modify, and delete audit policies. |
Compliance -> Manage Policies tab |
Audit Policy Scan Report Administrator |
Run or schedule audit policy scan tasks. |
Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs |
Audit Report Administrator |
Create, modify, delete, and execute audit reports. Access to AuditLog, Historical User Changes, Individual User AuditLog, and Usage reports only. |
Reports -> Run Reports tab and View Reports tab. |
AuditLog Report Administrator |
Create, modify, delete, and execute the AuditLog Report. |
Reports -> Run Reports tab |
Audited Attribute Report Administrator |
Create, modify, delete, and execute the Audited Attribute Report. |
Reports -> Run Reports tab and View Reports tab |
Auditor Access Scan Administrator |
Create, edit, and delete Periodic Access Review scans |
Compliance -> Manage Access Scans tab |
Auditor Administrator |
Set up, manage, and monitor audit policies, audit scans, and user compliance. |
Accounts -> List Accounts tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs Reports -> Run Reports tab and View Reports tab Compliance -> Manage Policies, Manage Access Scans, and Access Reviews tabs |
Auditor Attestor |
Required to attest other users’ attestations while organization security is enabled. |
Default Passwords and Work Items tabs only |
Auditor Periodic Access Review Administrator |
Manage Periodic Access Reviews (PAR), manage access scans, manage attestations, manage PAR reports. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Compliance -> Manage Access Scans tab and Access Review tab |
Auditor Remediator |
Remediate, mitigate, and forward audit policy violations. |
Default Passwords and Work Items tabs only |
Auditor Report Administrator |
Create, modify, delete, and execute any of the Auditor Reports. |
Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Manage Schedule tabs Reports -> all actions on auditor reports |
Auditor View User |
View compliance information associated with user. |
Accounts -> List Accounts tab and Find Users tab |
Audit Policy Violation History Administrator |
Create. modify, delete, and execute the Audit Policy Violation History report. |
Reports -> Run Reports tab |
Bulk Account Administrator |
Perform regular and bulk operations on users, including assigning capabilities. |
Accounts -> List Accounts, Find Users, Launch Bulk Actions, Extract to File, Load from File, and Load from Resource tabs Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Bulk Change Account Administrator |
Perform regular and bulk operations except delete on existing users, including assigning capabilities. Cannot create or delete users. |
Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs. Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Bulk Change Resource Password Administrator |
Change the password for the specified resource connection account on the specified resources. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Resources -> List Resources tab and Launch Bulk Actions tab |
Bulk Change User Account Administrator |
Perform regular and bulk operations except delete on existing users. Cannot create, delete, or assign capabilities to users. |
Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs. Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Create Users |
Assign resources and initiate user create requests (on individual users and by using bulk operations). |
Accounts -> List Accounts (Create only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Delete Users |
Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts, Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Delete IDM Users |
Delete existing Identity Manager user accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Delete only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Deprovision User |
Delete and unlink existing resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Deprovision only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Disable User |
Disable existing users and resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Disable only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Enable User |
Enable existing users and resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Enable only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tab Roles -> List Roles tab and Find Roles tab |
Bulk Reset Resource Password Administrator |
Reset the password for the specified resource connection account on the specified resources. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab and Launch Bulk Actions tab |
Bulk Unassign User |
Unassign and unlink existing resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Unassign only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Bulk Unlink User |
Unlink existing resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (Unlink only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Bulk Update Users |
Edit, move, and update existing users and resource accounts (on individual users and by using bulk operations). |
Accounts -> List Accounts (edit, move, and update actions only), Find Users, and Launch Bulk Actions tabs Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Bulk User Account Administrator |
Perform all regular and bulk operations on users. |
Accounts -> List Accounts, Find Users, Launch Bulk Actions, Extract to File, Load from File, and Load from Resource tabs Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Business Role Administrator |
Create, edit, and delete Business Roles. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles) Roles -> List Roles tab and Find Roles tab |
Capability Administrator |
Create, modify, and delete capabilities. |
Security -> Capabilities tab |
Change Account Administrator |
Perform all operations except delete on existing users, including assigning capabilities. Does not include bulk operations Create admin and user reports, run and edit admin reports, run AuditLog reports in scope. Cannot run admin or user reports on out-of-scope organizations. Cannot delete users. |
Accounts -> List Accounts tab and Find Users tab Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Change Resource Active Sync Administrator |
Change Active Sync resource parameters. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab |
Change Password Administrator |
Change user and resource account passwords. Access to Export Password Scan task only (from Run Tasks tab) |
Accounts -> List Accounts tab and Find Users tab Passwords -> Change User Password Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs. Roles -> List Roles tab and Find Roles tab |
Change Password Administrator (Verification Required) |
Change user and resource account passwords following successful validation of the user’s authentication question answers. Access to Export Password Scan task only (from Run Tasks tab) |
Accounts -> List Accounts tab and Find Users tab Passwords -> Change User Password tab (verification required before action) Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Change Resource Password Administrator |
Change resource administrator account passwords. Change resource passwords only (from Manage Connection -> Change Password in the actions menu) |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab. |
Change User Account Administrator |
Perform all operations on existing users except deletes and bulk operations. Also cannot create, delete, or assign capabilities to users. |
Accounts -> List Accounts tab and Find Users tab Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Configure Audit |
Configure the events and configuration groups audited in the system. |
Configure -> Audit tab |
Configure Certificates |
Configure trusted certificates and CRLs. |
Security -> Certificates tab |
Control Active Sync Resource Administrator |
Control Active Sync resource state (such as start, stop, and refresh) |
Resources -> List Resources tab For Active Sync resources: Active Sync actions menu |
Create User |
Assign resources and initiate user create requests. Does not include bulk operations |
Accounts -> List Accounts (Create only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run tasks tabs Roles -> List Roles tab and Find Roles tab |
Data Warehouse Administrator |
Configure Data Exporter and run the Data Warehouse Exporter Launcher task. |
Reports -> Dashboard Graphs tab and View Dashboards tab Resources -> List Resources tab Configure -> Warehouse tab |
Data Warehouse Query |
Configure and run forensic queries |
Reports -> Dashboard Graphs tab and View Dashboards tab Resources -> List Resources tab Compliance -> Forensic Query |
Delete User |
Delete Identity Manager user accounts; deprovision, unassign, and unlink resource accounts. Does not include bulk operations. |
Accounts -> List Accounts (Delete only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Delete IDM User |
Delete Identity Manager user accounts. Does not include bulk operations. |
Accounts -> List Accounts (Delete only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Deprovision User |
Delete and unlink existing resource accounts. Does not include bulk operations. |
Accounts -> List Accounts (Deprovision only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Disable User |
Disable existing users and resource accounts. Does not include bulk operations |
Accounts -> List Accounts (Disable only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Enable User |
Enable existing users and resource accounts. Does not include bulk operations |
Accounts -> List Accounts (Enable only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
End User Administrator |
View and modify the rights to object types specified in the End User capability and the End User Controlled Organizations rule. |
All default tabs |
External Resource Administrator |
View and configure external resources only. Cannot create new resources. |
Configure -> External Resources tab |
Configure Identity Manager Schema |
View and configure the effective schema for Users or Roles using the Identity Manager configuration object IDM Schema Configuration. |
All default tabs |
Import User |
Import users from defined resources. |
Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs Roles -> List Roles tab and Find Roles tab |
Import/Export Administrator |
Import and export all types of objects. |
Configure -> Import Exchange File tab |
IT Role Administrator |
Create, edit, and delete IT Roles. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (synchronize roles) Roles -> List Roles tab and Find Roles tab |
Login Administrator |
Edit the set of login modules for a given login interface. |
Security -> Login tab |
Organization Administrator |
Create and edit organizations and directory junctions. Delete organizations only. |
Accounts -> List Accounts tab |
Organization Approver |
Approve requests for new organizations. |
Default Passwords and Work Items tabs only |
Organization Violation History Administrator |
Create, edit, delete, and execute the Organization Violation History reports only. |
Reports -> Run Reports tab |
Password Administrator |
List, change, and reset user and resource account passwords. |
Accounts -> List Accounts tab and Find Users tabs Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Password Administrator (Verification Required) |
List, change, and reset user and resource account passwords only. Successful validation of the user’s authentication question answers required before action succeeds. |
Accounts -> List Accounts tab and Find Users tab Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Perform Debug |
Access and execute operations from the Identity Manager debug pages. Note – The Identity Manager debug pages cannot be accessed from the menu. To access the debug pages, type the following URL into your browser: http://<AppServerHost>:<Port>/idm/debug |
All default tabs |
Policy Administrator |
Create, edit, and delete Policies. |
Security -> Policies tab |
Policy Summary Report Report Administrator |
Create, edit, delete, and execute the Policy Summary Reports. |
Reports -> Run Report tab and View Reports tab |
Register Identity Manager Product Component |
Register an installation of Identity Manager with Sun Microsystems or create a local service tag. |
Configure -> Product Registration tab |
Reconcile Administrator |
Edit reconciliation policies and control reconciliation tasks. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (View reconcile task). Resources -> List Resources tab and Examine Account Index tab |
Reconcile Report Administrator |
Create, edit, delete, and run reconciliation reports. |
Reports -> Run Reports tab (Account Index report only) and View Reports tab |
Reconcile Request Administrator |
Manage reconciliation requests. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab (list and reconciliation features only) and View Reports tab |
Remedy Integration Administrator |
Edit Remedy integration configuration (view tasks, run role synchronization). |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Configure -> Remedy Integration tab |
Rename User |
Rename existing users and resource accounts (list all accounts in scope, rename users). |
Accounts -> List Accounts tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Report Administrator |
Configure audit settings and run all report types (view tasks, run role synchronization). |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Reports -> Run Reports, View Reports, Run Risk Analysis, and View Risk Analysis tabs Roles -> List Roles tab and Find Roles tab Configure -> Audit tab |
Reset Password Administrator |
Reset user and resource account passwords. |
Accounts -> List Accounts tab and Find Users tab (Reset Password only) Passwords -> Reset User Password Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (No tasks are available to users with this capability) Roles -> List Roles tab and Find Roles tab |
Reset Password Administrator (Verification Required) |
Reset user and resource account passwords. Successful validation of the user’s authentication question answers is required before action succeeds. |
Accounts -> List Accounts tab and Find Users tab Passwords -> Reset User Password Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs (No tasks are available to users with this capability) Roles -> List Roles tab and Find Roles tab |
Reset Resource Password Administrator |
Reset resource administrator account passwords (from Manage Connection -> Reset Password in the actions menu). |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab |
Resource Administrator |
Create, edit, and delete resources. Resource User Report and Resource Group Report return an error on out-of-scope resources. Edit global policies, parameters, and resource groups. Cannot manage connections or resource objects |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources, List Resource Groups, and Examine Account Index tabs Configure -> Connector Servers |
Resource Approver |
Approve resource assignments |
All default Passwords and Work Items tabs |
Resource Group Administrator |
Create, edit, and delete resource groups. |
Resources -> List Resource Groups tab |
Resource Object Administrator |
View, create, modify, and delete resource objects. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab |
Resource Password Administrator |
Change and reset resource proxy account passwords. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Resources -> List Resources tab (Change resource password only from Manage Connection -> Change Password in the actions menu) |
Resource Report Administrator |
Create, edit, delete, and run resource reports. |
Reports -> Run Reports tab and View Reports tab |
Resource Violation History Administrator |
Create, edit, delete, and execute Resource Violation History reports. |
Reports -> Run Reports |
Risk Analysis Administrator |
Create, edit, delete, and run risk analysis. |
Reports -> Risk Analysis tab and View Risk Analysis tab |
Role Administrator |
Create, edit, synchronize, and delete roles. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Role Approver |
Approve role assignments |
All default Passwords and Work Items tabs |
Role Report Administrator |
Create, edit, delete, and run resource reports. |
Reports -> Run Reports tab and View Reports tab Roles -> List Roles tab |
Run Access Review Detail Report |
Run the Access Review Detail Report |
Reports -> Run Reports tab and View Reports tab |
Run Access Review Summary Report |
Run the Access Review Summary Report |
Reports -> Run Reports tab and View Reports tab |
Run Admin Report |
Run administrator reports. |
Reports -> Run Reports tab and View Reports tab |
Run Audit Policy Scan Report |
Run the Audit Policy Scan Report. |
Server Tasks -> All Tasks, Find Tasks, and Run Tasks only |
Run Audit Report |
Run Audit, AuditLog, Historical User Changes, Individual User AuditLog, and Usage reports only. |
Reports -> Run Reports tab and View Reports tab |
Run Audited Attribute Report |
Execute and view the Audited Attribute Report. |
Reports -> Run Reports tab and View Reports tab |
Run Auditor Report |
Run all reports of the type, AuditLog Report. |
Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Reports -> Run Reports tab and View Reports tab |
Run AuditLog Report |
Execute and view the AuditLog, Today's Activity and Weekly Activity reports. |
Reports -> Run Reports |
Run Audit Policy Violation History |
Execute and view the Organization Violation History report and Today's Activity and Weekly Activity report. |
Reports -> Run Reports |
Run Policy Summary Report |
Execute and view the Policy Summary Report. |
Reports -> Run Reports tab and View Reports tab |
Run Organization Violation History |
Execute the Organization Violation History report. |
Reports -> Run Reports tab |
Run Reconcile Report |
Execute and view Account Index reports. |
Reports -> Run Reports tab and View Reports tab |
Run Resource Report |
Execute and view Resource User and Resource Group reports. |
Reports -> Run Reports tab and View Reports tab |
Run Resource Violation History |
Execute Resource Violation History reports. |
Reports -> Run Reports tab |
Run Risk Analysis |
Execute and view risk analyses. |
Reports -> Run Risk Analysis tab and View Risk Analysis tab |
Run Role Report |
Execute and view role reports. |
Reports -> Run Reports tab and View Reports tab Roles -> List Roles tab |
Run Separation of Duties Report |
Execute and view Separation of Duties Reports. |
Reports -> Run Reports tab and View Reports tab |
Run Task Report |
Execute and view task reports. |
Reports -> Run Reports tab and View Reports tab |
Run User Access Report |
Execute and view Detailed User Reports and User Access reports. |
Reports -> Run Reports tab and View Reports tab |
Run User Report |
Execute and view user reports. |
Reports -> Run Reports tab and View Reports tab |
Run Violation Summary Report |
Execute the Violation Summary report. |
Reports -> Run Reports tab |
Security Administrator |
Create users with capabilities; enable and disable users, list and control resource objects, and manage encryption keys, manage log-in and audit configurations, and manage policies. |
Accounts -> List Accounts (some actions) tab and Find Users tab (audit report) Passwords -> Change user Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, Run Tasks, and Configure Tasks tabs Reports -> Run Reports, View Reports, Dashboard Graphs, View Dashboards, and Configure Reports Resources -> List Resources Configure -> Audit tab and Warehouse tabs Security -> Certificates, Login, and Policies tabs Service Provider -> Edit User Search Configuration |
Separation of Duties Report Administrator |
Create, edit, execute, view, and delete Separation of Duties Reports. |
Reports -> Run Reports tab and View Reports tab |
Service Provider Admin Role Administrator |
Manage Service Provider Admin Roles and the associated rules. |
Security -> Admin Roles tab |
Service Provider Administrator |
Create, edit, and manage service provider users and transactions; configure the transaction database and tracked events. |
Accounts -> Manage Service Provider Users tab Server Tasks -> Service Provider Transactions tab Reports -> Dashboard Graphs tab Reports -> View Dashboards tab Service Provider -> Edit Main Configuration, Edit Transaction Configuration, and Edit User Search Configuration tabs |
Service Provider Create User |
Create user accounts for service provider (extranet) users. |
Accounts -> Manage Service Provider Users tab |
Service Provider Delete User |
Delete a service provider user account. |
Accounts -> Manage Service Provider Users tab |
Service Provider Update User |
Update a service provider user account. |
Accounts -> Manage Service Provider Users tab |
Service Provider User Administrator |
Manage service provider (extranet) users. |
Accounts -> Manage Service Provider Users |
Service Provider View User |
View service provider (extranet) user account information. |
Accounts -> Manage Service Provider Users tab |
Task Report Administrator |
Create, edit, delete, execute and view task reports. |
Reports -> Run Reports tab and View Reports tab |
Unassign User |
Unassign and unlink existing resource accounts. Does not include bulk operations. |
Accounts -> List Accounts (Unassign only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Unlink User |
Unlink existing resource accounts. Does not include bulk operations. |
Accounts -> List Accounts (Unlink only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Unlock User |
Unlock existing user’s resource accounts that support unlock. Does not include bulk operations. |
Accounts -> List Accounts (Unlock only) tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
Update User |
Edit existing users and initiate user update requests. Manage existing server tasks. |
Accounts -> List Accounts tab and Find Users tab Server Tasks -> Find Tasks, All Tasks, Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
User Access Report Administrator |
Create, edit, delete, execute, and view User Access Reports. |
Reports -> Run Reports tab and View Reports tab |
User Account Administrator |
All operations on users, except cannot assign user capabilities. |
Accounts -> List Accounts, Find Users, Extract to File, Load from File, and Load from Resource tabs. Passwords -> Change User Password tab and Reset User Password tab Server Tasks -> Find Tasks, All Tasks, and Run Tasks tabs Roles -> List Roles tab and Find Roles tab |
User Report Administrator |
Create, edit, delete, execute and view user reports. |
Reports -> Run Reports tab and View Reports tab |
View Application |
List Application type roles and view Application type role information. No change actions allowed. |
Roles -> List Roles tab and Find Roles tab |
View Asset |
List Asset type roles and view Asset type role information. No change actions allowed. |
Roles -> List Roles tab and Find Roles tab |
View Business Role |
List Business roles and view Business role information. No change actions allowed. |
Roles -> List Roles tab and Find Roles tab |
View IT Role |
List IT roles and view IT role information. No change actions allowed. |
Roles -> List Roles tab and Find Roles tab |
View Role |
List all role types and view all role information. No change actions allowed. |
Roles -> List Roles tab and Find Roles tab |
View User |
View individual user details. No change actions allowed. |
Accounts -> List Accounts tab and Find Users tab |
Violation Summary Report Administrator |
Create, edit, delete, and execute Violation Summary reports. |
Reports -> Run Reports tab |
Identity System Administrator |
Perform system-wide tasks, such as editing system configuration objects, synchronizing roles, editing source adapter templates, and running reports. |
Server Tasks -> Find Tasks, All Tasks, Run Tasks, Manage Schedule, and Configure Tasks tabs Reports -> Run Reports, View Reports, Dashboard Graphs, View Dashboards, and Configure Reports tabs Resources -> List Resources Configure -> Audit, Warehouse, Email Templates, Form and Process Mappings, Servers, User Interface, and Product Registration tabs Compliance -> Access Reviews Security -> Certificates |