Edit Role Types
Use the Edit Role Type Definition page to create and edit types to use with roles. Role type is used to configure roles to perform different functions within your business model. For example, type might be used to control inheritance or automatic assignment of roles.
Role modeling also uses the concept of permission to enable you to grant users permission to specific roles without assigning them the role or incorporating it in their role hierarchy. For example, while a non-IT user with a business-type role might need access to the entitlements contained within an IT-type role, they probably do not need to have that role assigned to them or included as part of their hierarchal role structure.
The Edit Role Type Definition page contains the following information:
Type Name
The name of the role type.
Display Name
The display name of the role type used throughout the product.
Description
A brief description of the role type.
Icon Path
The path to the iconic representation of this role type.
See How to Add or Edit Role Types.
Disallow inheritance of other roles
Do not allow roles of this type to inherit other defined roles.
Disallow other roles from inheriting this role
Do no allow roles of this type to be inherited.
No automatic detection with profiles
Do not automatically detect and assign this role to identities during aggregation and correlation.
No automatic detection with profiles unless assigned
Do not automatically detect and assign a role during aggregation and correlation unless it is required or permitted by an identity's assigned roles.
No entitlement profiles
Do not enable the direct assignment of profiles to this role type.
For example, a roles used to create hierarchy in your business model might only gain access to entitlement profiles through permitted IT roles.
No automatic assignment with rule
Do not allow a rule to automatically assign roles of this type to identities.
No assignment rule
Do not display the Assignment Rule panel in the Role Modeler for rules of this type.
No manual assignment
Do not allow roles of this type to be assigned manually from the Identities User Rights tab.
No permitted roles list
Do not display the Permitted Roles panel in the Role Modeler for rules of this type.
Disallow this role from being on a permitted roles list
Do not display roles of this type on the select list of the Permitted Roles panel of any other role.
No required roles list
Do not display the Required Roles panel in the Role Modeler for rules of this type.
Disallow this role from being on a required roles list
Do not display roles of this type on the select list of the Required Roles panel of any other role.
Disallow Granting of IdentityIQ User Rights
Do not allow the granting of IdentityIQ capabilities or scopes based on role assignment. If this option is selected, the Granted IdentityIQ User Rights table is not displayed on the Role Editor page.