The following figure shows which role-types, resources, and resource-groups can be assigned to each of the four role-types. The figure also shows that role-type exclusions can be assigned to all four role-types. (For a description of Role exclusions, see To Assign Resources and Resource Groups.)
Optional, conditional, and required contained-roles (What are Roles?) provide added flexibility. Flexible role definitions can reduce the total number of roles your organization needs to manage.
Figure 5–2 shows that Business Roles and IT Roles are directly assignable to users if a pre-8.0 version of Identity Manager is upgraded to at least version 8.0. On upgrade, legacy roles are converted to IT Roles, and, to ensure backwards compatibility, IT Roles are directly assigned to users. If Identity Manager was not upgraded from a pre-8.0 version, then only Business Roles are directly assignable to users.