17.3 Managing Role Relationships

The Manage Role Relationships action on the Roles tab of the Identity Manager user interface allows you to define how roles are related in a higher and lower role containment hierarchy. This hierarchy enables you to group permissions or resources contained by lower-level roles into a higher-level role that makes assignment of permissions easier. The allowed relationships are:

17.3.1 Creating and Removing Role Relationships

  1. Click Manage Role Relationships in the Role Management group of actions.

    HINT:The Edit Role Details link provides quick way access to the Manage Roles page. If you have selected a role, it displays the contents of the selected role for editing.

  2. To find the role for which you want to add or remove a relationship, use the Object Selector or Show History tool as described in Section 1.4.4, Common User Actions.

  3. Select the role.

    In this example, the Role is Nurse (West Campus). Because this role is at the highest level in the hierarchy of roles, the user interface displays a message in the Selected Role Is Contained By section.

    Depending on the level of the role you chose, you see one or both of these buttons:

    • New Higher Level Relationship

    • New Lower Level Relationship

  4. To add a relationship, click one of the buttons and fill out the Lower Level Relationship or Higher Level Relationship Details as described in Table 17-4

  5. You can filter the list of higher and lower level relationships, as follows:

    1. To view only those relationships that start with a particular string of characters, see Filtering Data for information about what to enter in the Role Name field.

    2. To view those roles of a certain level, select it from the Level list box.

    3. To view those roles of a specific category, select it from the Category list box.

    4. To apply the filter criteria you’ve specified to the display, click Filter.

    5. To clear the currently specified filter criteria, click Reset.

  6. Click Submit to create a request to add the role relationships.

    You can check the status of the request by going to View Request Status. When the status is Provisioned, the role relationship has been added.

  7. To remove a relationship:

    1. Navigate to the relationship you want to remove and click .

      You are asked to confirm that you want to remove it.

    2. Click OK to continue with the removal or Cancel to return to the Manage Role Relationships page. You are prompted for an Initial Request Description.

      The default text is Relationship removal request, but you can modify it as needed. This text displays in the View Request Status page.

    3. Click OK to submit the removal request. You can view the status of this request in the View Request Status page. A status of Provisioned means that the relationship has been removed.

17.3.2 Managing Role Relationships Properties

Table 17-4 Role Relationships Properties

Field

Description

Initial Request Description

This value appears in View Request Status.

You can use this option to group multiple requests created by one user interaction because they share the same Common Requests ID.

Add Roles to Selected Role

Available when you click New Lower Level Relationship.

Use the Object Selector or History buttons to locate the lower-level role to add to the selected role. See Using the Object Selector Button for Searching.

Add Selected Role to Roles

Available when you click New Higher Level Relationship.

Use the Object Selector or History buttons to locate the higher level role to add to the current role. See Using the Object Selector Button for Searching.