1. Using Access Certifications
  2. Finalize Roles

Finalize Roles

When a scoping job for a certification reaches completion, you must select from the roles it returns, appoint role managers and certifiers who are to evaluate the assignments of those roles to users, and complete the initialization process.

In the Access Certifications home page, click Finalize Roles in the Actions menu of the row for a certification whose status is Finalizing. The Initiate Certification: Finalize Roles page opens, displaying a list of every role returned by the scoping job.

Select Roles

First, designate which roles are to be included in the certification. For a continuous certification, you must select 20 or fewer roles. This limit doesn't apply to standard certifications.

If you're finalizing a certification created from scratch, all roles returned by the scoping job are included by default. An Include column displays a check mark for each of them. If you're finalizing a certification that reuses a prior certification, returns may consist not only of Included roles, but also:

  • Roles returned for the reused certification, but explicitly excluded by its owner. For these, the Include column displays a dash, which indicates exclusion.

  • Roles returned for the reused certification that could no longer be found for the new certification. For these, the Include column displays a Role Not Available icon.

  • Roles returned by the scoping job for the current certification, although they had not been returned for the original certification you're reusing. For these the Include column displays a New Role icon.

Ensure that the Include column displays check marks only for the roles you want to include in the certification:

  • Select roles you want to remove from the certification, and click the Exclude button. For each of these roles, the Include column then displays a dash.

  • Select roles you want to include, but that aren't already included, and click the Include button. For each of these roles, the Include column then displays a check mark.

  • You can't include a role that displays the Role Not Available icon.

To select one role, click its row. To select a continuous set, click the first row, hold down the Shift key, and click the last. To select a discontinuous set, hold down the Ctrl key as you click rows. You can filter roles to find those whose settings you want to alter.

Select Participants

Next, appoint role managers and certifiers:

  1. Select rows representing Included roles whose assignments are to be reviewed by a particular role manager and certifier. Again, you can use the Ctrl or Shift key to select discontinuous or continuous rows.

  2. Click Edit to open a Mass Assignment dialog.

  3. In a Manager field, click the Manager Assignment icon to open a list of users authorized as role managers in the Security Assignment region of the Scoping Certification page. Select one and click Apply.

  4. Back in the Mass Assignment dialog, click the Certifier Assignment icon in the Certifier field. This opens a list of users authorized as certifiers in the Security Assignment region of the Scoping Certification page. Select one and click Apply.

  5. Back in the Mass Assignment dialog, click Apply. In the Finalize Roles page, the Manager and Certifier columns refresh to display the selections you've made.

  6. Continue making selections until every role included in the certification has a role manager and a certifier. With each set of roles, you may reappoint a certifier or role manager, so that a given certifier may work with any number of role managers, or role manager with any number of certifiers.

As you select role managers or certifiers for a set of roles, you can select an Eligible Users value. This means the roles are available for review by any user authorized to act as a certifier or role manager. However, this isn't recommended, as it can cause confusion if multiple users attempt to work on the same roles at the same time.

Complete the Initiation

Finally, click the Initiate button, which becomes active when you finish selecting role managers and certifiers. Respond to a message warning you that you're locking the scope of the certification.

The focus returns to the Access Certifications home page. The status of the certification updates to Active, and the date you click the Initiate button is added automatically to the record of the certification as its start date. Role managers and certifiers can now open the certification. They receive notifications that they've tasks to complete in the certification. If the certification includes direct managers, they also receive notifications.