You can assign Identity Manager administrative privileges, or capabilities, to users as follows:
Admin Roles. Users assigned an Admin Role inherit the capabilities and controlled organizations defined by the role. By default, all Identity Manager user accounts are assigned the User Admin Role when created. For detailed information about Admin Roles and creating an Admin Role, see Understanding and Managing Identity Manager Resources in Chapter 5, Roles and Resources.
Capabilities. Capabilities are defined by rules. Identity Manager provides sets of capabilities grouped into functional capabilities that you can select from. Assigning capabilities allows for more granularity in assigning administrative privileges. For information about capabilities and creating capabilities, seeUnderstanding and Managing Capabilities in Chapter 6, Administration.
Controlled organizations. Controlled organizations grant administrative control privileges over specified organizations. For more information, see Understanding Identity Manager Organizations in Chapter 6, Administration.
For more information about Identity Manager Administrators and administrative duties, see Chapter 6, Administration