Hard and Soft Permitted Roles

A hard permitted role is a role that is requested through IdentityIQ. A soft permitted role is a role that is discovered through aggregation and entitlement correlation, but was not explicitly requested or provisioned using IdentityIQ.

When a role that contains hard permitted roles is unassigned and deprovisioned, the hard permitted roles is also deprovisioned if there are no other dependencies on those roles. If a role containing soft permitted roles is unassigned and deprovisioned, the soft permitted roles are not deprovisioned.