Identity Role Assignments

Role assignments have an assignment id that is used to uniquely refer to the assignment. The user interface does not display this assignment id, but any code that references an assignment needs to use the id to keep a reference from being ambiguous.

When a permitted role is requested through Lifecycle Manager, IdentityIQ records the request in the RoleAssignment model by placing a nested RoleAssignment for the permitted role inside the RoleAssignment for the assigned role. This process defines a hard permitted role.

The identity assignedRoles and assignedBundleSummary attributes are a unique list of roles, and if a role is assigned multiple times, the role is in this list only one time. The identity roleAssignments attribute can contain multiple items for the same role if the role is assigned multiple times.

Existing methods on the identity object related to role assignments remain for backward compatibility, but are marked deprecated and can return incomplete results if multiple assignments are enabled.