Restricting Access to the Rule Editor

The ability to edit inline scripts in Identity IQ requires either the SystemAdministrator capability or the EditScripts SPRight. The EditScripts SPRight is not included in any standard capabilities by default. If you want to give script editing abilities to users other than System Administrators, you must either create a new capability for these users that includes the EditScripts SPRight, or add the EditScripts SPRight to an existing capability that can be assigned to those users.

Because the ability to write scripts is a potential security risk, it is recommended that the EditScripts SPRight is given out in a controlled manner to trusted users only.

For more information on assigning capabilities to users, see the User Rights Tab.

For more information on rights and capabilities in IdentityIQ, see IdentityIQ Rights and Capabilities - Definitions.