Sun Identity Manager 8.1 Business Administrator's Guide

ProcedureTo Remove One or More Roles From a User

Using the Edit User page, one or more roles can be removed from a user account. Only a directly assigned role can be removed. Indirectly assigned roles (that is, conditional and/or required contained roles) are removed when the parent role is removed. Another way for an indirectly assigned role to be removed from a user is if the role is removed from the parent role (see To Remove a Role Assigned to Another Role).

End-users can also request that assigned roles be removed from their user accounts. See Requests Tab in the Identity Manager End-User Interface section.

For information on removing a role using a scheduled deactivation date, see To Activate and Deactivate Roles on Specific Dates.

  1. In the Administrator interface, click the Accounts tab.

    The List Accounts subtab opens.

  2. Click the user from which you want to remove a rule (or rules).

    The Edit User page opens.

  3. Click the Roles tab.

  4. In the table of roles, select the roles you want to remove from the user and then click OK.

    To sort the table alphabetically by Name, Type, Activate On, Deactivate On, Assigned By, or Status, click the column headers. Click a second time to reverse sort. To filter the list by role type, make a selection from the Current drop-down menu.

    The table shows the parent role assignments (those roles that can be selected), plus any role assignments that are connected to the parent role assignments (those roles that cannot be selected).

  5. Click Remove.

    The table of assigned roles updates to show the remaining assigned roles.

  6. Click Save.

    The Update Resource Accounts page opens. Deselect any resource accounts that you do not want removed.

  7. Click Save to save your changes.