1. Securing Applications
  2. Copy and Edit Duty Roles

Copy and Edit Duty Roles

You can copy a duty role and edit the copy to create a duty role. Copying duty roles is the recommended way of creating duty roles. You must have the IT Security Manager job role or privileges to perform these tasks.

Copy a Duty Role

Follow these steps:

  1. On the Roles tab of the Security Console, search for the duty role to copy.

  2. Select the role in the search results. The role hierarchy appears in tabular format by default.

    Tip: If you prefer, click the Show Graph icon to show the hierarchy in graphical format.

  3. In the search results, click the down arrow for the selected role and select Copy Role.

  4. In the Copy Options dialog box, select a copy option.

  5. Click Copy Role.

  6. On the Copy Role: Basic Information page, edit the Role Name, Role Code, and Description values, as appropriate.

    Tip: The role name and code have the default prefix and suffix for copied roles specified on the Roles subtab of the Security Console Administration tab. You can overwrite these values for the role that you're copying. However, any roles inherited by the copied role are unaffected by any name changes that you make on the Copy Role: Basic Information page.

  7. Click the Summary and Impact Report train stop.

  8. Click Submit and Close, then OK to close the confirmation message.

  9. Review the progress of your copy on the Role Status subtab of the Security Console Administration tab. Once the status is Complete, you can edit the copied role.

Edit the Copied Duty Role

Follow these steps:

  1. On the Roles tab of the Security Console, search for and select your copy of the duty role.

  2. In the search results, click the down arrow for the selected role and select Edit Role.

  3. On the Edit Role: Basic Information page, you can edit the role name and description, but not the role code.

  4. Click Next.

Manage Functional Security Policies

On the Edit Role: Functional Security Policies page, any function security privileges granted to the copied role appear on the Privileges tab. Select a privilege to view details of the code resources that it secures.

To remove a privilege from the role, select the privilege and click the Delete icon. To add a privilege to the role:

  1. Click Add Function Security Policy.

  2. In the Add Function Security Policy dialog box, search for and select a privilege or role.

  3. If you select a role, then click Add Selected Privileges to grant all function security privileges from the selected role to your custom role. If you select a single privilege, then click Add Privilege to Role.

    Tip: If the role has no function security privileges, then you see an error message. You can add the role to the role hierarchy on the Edit Role: Role Hierarchy page, if appropriate.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional privileges.

  6. Close the Add Functional Security Policies dialog box.

  7. Click Next.

Note: If a function security privilege forms part of an aggregate privilege, then add the aggregate privilege to the role hierarchy. Don't grant the function security privilege directly to the role. The Security Console enforces this approach.

The Resources tab, which is read-only, lists any resources granted to the role directly rather than through function security privileges. As you can't grant resources directly to roles on the Security Console, only resource grants created before Release 12 could appear on this tab. You can't edit these values.

Manage Data Security Policies

Make no changes on the Edit Role: Data Security Policies page.

Add and Remove Inherited Roles

The Edit Role: Role Hierarchy page shows the copied duty role and any duty roles and aggregate privileges that it inherits. The hierarchy is in tabular format by default. You can add or remove roles.

To remove a role:

  1. Select the role in the table.

  2. Click the Delete icon.

  3. Click OK to close the information message.

To add a role:

  1. Click Add Role.

  2. In the Add Role Membership dialog box, search for and select the role to add.

  3. Click Add Role Membership.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional roles.

  6. Close the Add Role Membership dialog box.

    The Edit Role: Role Hierarchy page shows the updated role hierarchy.

  7. Click Next.

Review the Role

On the Edit Role: Summary and Impact Report page, review the summary of changes. Click Back to make corrections. Otherwise:

  1. Click Save and Close to save the role.

  2. Click OK to close the confirmation message.

The role is available immediately.

Related Topics