Skip to content

Role Admin and Role Sub-Admin User Levels

User level permissions enable enterprises to securely assign certain responsibilities to specific individuals within their organization. Sharing responsibilities ensures that administrators do not have too much responsibility or power over governance actions.

Users cannot grant themselves user level permissions – only IdentityNow Admins can grant or remove user levels. If you grant someone a user level, it will appear in certifications as an entitlement that the reviewer can grant or revoke. For information on how to grant and remove user levels, read Granting and Removing User Level Permissions.

Users can be granted multiple user levels and will have the combined access of all levels assigned to them. For information about other user levels, refer to the User Level Access Matrix.

Role Admin User Level

A user with the Role Admin user level has the following permissions:

  • Create, manage, and edit roles.
  • Access Role Discovery and Role Insights if your organization has configured the Access Modeling service.
  • Search your organization's identity and entitlement data.
  • Save, subscribe to, and download reports on pages they have access to in IdentityNow.

Role Sub-admin User Level

To utilize sub-admin user levels, the source and the user must be associated with a governance group.

A user with the Role Sub-admin user level has the same permissions for Search and reports as Role Admins. However, they can create, manage, and edit roles with access profiles only on sources that are associated with the governance groups they are members of. Role sub-admins can also view and work with roles that do not have any access profiles.

Role Sub-admins do not have access to Role Discovery or Role Insights.