Managing System Default Roles
Non-Employee Risk Management includes two roles by default: Profile Owner and Profile Contributor. Each of these roles is a type of contributor. These roles are used to grant both lifecycle and portal users specific access to manage profiles within Non-Employee.
These roles are customizable. You can choose the access each role grants to users to suit your business needs. Users assigned either of these roles can make the specific configurations it allows on the profiles assigned to them. While each profile can have many Profile Contributors, it can only have a single Profile Owner.
The system default roles are the only roles that can be granted to lifecycle users without entitlements or groups from your identity provider. Instead, they are granted to users on the details page for an individual profile, through assignment in workflows, or with a profile attribute. Refer to Assigning System Default Roles to Users for details.
Editing System Default Roles
You can make changes to the access granted by the Profile Owner and Profile Contributor roles.
To update the system default roles:
-
Go to Admin > Lifecycle > User Roles.
-
Select the SYSTEM DEFAULTS tab.
-
Select the role you want to edit.
-
In the PERMISSIONS section, make changes to the permissions you want users with this role to have.
- In the Application section, choose whether users with this role should be allowed to add additional contributors to the profiles they're assigned to.
- In the Attributes section, choose whether users with this role can view or edit attributes on the profiles they're assigned to, or whether they should have no access to those attributes.
- In the Workflows section, choose which workflows users with this role should be allowed to execute specific workflows on the profiles they're assigned to. Users with this role who don't have permission to execute workflows can still approve or deny requests associated with the workflow, complete fulfillment tasks, and contribute to the workflow in other ways.
-
Select save.
Assigning System Default Roles to Users
The Profile Owner and Profile Contributor roles can be assigned to users in several ways.
- By assigning the owners or contributors directly on a profile.
- By including a step in a workflow to add an owner or contributor automatically.
- By adding an attribute to the profile with a contributor or owner type, so that contributors can be added manually during profile creation.
When a user is assigned the Profile Owner or Profile Contributor role for a profile, they are granted the permissions you configured for that role on that profile.
Assigning Contributors Directly to a Profile
You can grant a specific user the Profile Owner or Profile Contributor roles for a specific profile by editing the list of contributors for that profile.
To add an owner or contributor to a profile directly:
-
Go to Admin > Lifecycle > Profiles.
-
Select the profile you want to edit.
-
Go to the CONTRIBUTORS tab.
You can see a list of current contributors to this profile, as well as the custom lifecycle and collaboration roles that allow users to manage the profile.
-
In the Add contributor field, begin typing the name of a user you want to add as a contributor to this profile. Select the user you want to add.
The user you selected is granted the Profile Contributor role for this profile.
-
To grant the user the Profile Owner role, select the make owner icon to the right of the status column in the table.
The permissions you assigned to the role are granted automatically to the user for the selected profile.
Adding a new profile owner using this method converts the previous owner to a contributor.
Assigning System Default Roles Using Workflows
When creating a workflow to create or update a profile, you can configure that workflow to assign profile owners or contributors to that profile automatically.
For more information, refer to the Contributors action within workflows.
Adding a new profile owner using this method removes the previous owner from the list of contributors.
Add a System Default Role Using a Profile Attribute
You can create an attribute that assigns owners and contributors to profiles. The attribute can be included in forms and pages. When a new profile is requested and the pages are sent to a user to complete, that user can manually add a contributor or owner to the profile using that attribute.
To add a contributor attribute to profiles:
-
Go to Admin > Templates > Attributes.
-
Select + Attribute.
-
In Field type, select one of the following options. The user filling out the new profile's attributes will assign a contributor based on the field type you select.
- contributor search - Search for a user to assign as a contributor for this profile.
- contributor select - Choose from a list of users to assign as a contributor for this profile.
- owner search - Search for a user to assign as an owner for this profile.
- owner select - Choose from a list of users to assign as an owner for this profile.
-
Complete the remaining fields and select create.
-
Complete the remaining fields on the Basic Info page and select finish.
For more information about creating attributes, refer to Attributes.
-
Create a form that includes this attribute, and add that form to a page.
-
Add the page to a workflow using the Request Form action.
When a new profile is created using this workflow, the form will be assigned to a user. That user can manually assign a contributor or owner within the attribute you created.
Adding a new profile owner using this method removes the previous owner from the list of contributors.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.