Novell Doc: Identity Manager Roles Based Provisioning Module 3.6.1 User Application: User Guide

14.4 Roles Actions You Can Perform

Here’s a summary of the actions that are available to you by default on the Roles tab:

Table 14-2 Roles Actions

Category	Action	Description
My Roles	My Roles	Lets you look at the status and details for your approved roles. It shows roles that have a status of Provisioned or Pending Activation, but not roles that have not yet been approved. For details, see Section 15.0, Viewing Your Roles.
Role Assignments	Role Assignments	The Role Assignments action lets users request role assignments. This action is available to Role Module Administrators, Role Managers, and other authenticated users not specifically assigned to any of the installed system roles. Role Module Administrators can request assignment of users, groups, and containers to roles. The Role Module Administrator has unlimited scope within the directory. Role Managers can request assignment of users, groups, and containers to roles to which they have browse rights. Other authenticated users can request assignment for themselves to roles to which they have browse rights. For details, see Section 16.2, Assigning Roles.
Role Assignments	View Request Status	Allows you to see the status of your role requests (including requests you’ve made explicitly as well as role assignment requests for groups or containers to which you belong). It lets you see the current state of each request. In addition, it gives you the option to retract a request that has not been completed or terminated if you have changed your mind and do not need to have the request fulfilled. For details, see Section 16.3, Checking the Status of Your Requests.
Role Management	Browse Role Catalog	Lets you look at existing roles in the Roles Catalog. You can also delete roles, access the Manage Role Relationships and the Role Assignments actions. For details, see Section 17.1, Browsing the Role Catalog.
	Manage Roles	Allows you to create, modify, or delete a role. For details, see Managing Roles.
	Manage Role Relationships	Allows you to define how roles are related in a higher and lower role containment hierarchy. This hierarchy enables you to group permissions or resources contained by lower level roles into a higher level role that makes assignment of permissions easier. For details, see Managing Role Relationships.
	Manage Separation of Duties	Allows you to define a Separation of Duties (SoD) constraint. An SoD constraint represents a rule that makes two roles mutually exclusive. If a user is in one role, they cannot be in the second role, unless there is an exception allowed for that constraint. You can define whether exceptions to the constraint are always allowed or are only allowed through an approval flow. For details, see Managing Separation of Duties Constraints.
	Configure Roles Subsystem	Allows you to specify administrative settings for the Roles Subsystem. For details, see Configuring the Role Subsystem.
Role Reporting	Role Reports	Enables you to create and view reports that describe the current state of roles and role assignments. For details, see Section 18.2, Role Reports.
	SoD Reports	Enables you to create and view reports that describe the current state of Separation of Duties constraints, violations, and approved exceptions. For details, see Section 18.3, SoD Reports.
	User Reports	Enables you to create and view reports that describe the current state of role memberships and entitlements for users. For details, see Section 18.4, User Reports.