Example: Indirect Profile Attribute Modification

You can use access roles to indirectly change an attribute in a user's profile. For example, a company may not want to allow any user to directly change another user's title. That company can create an access role that changes a title when an administrator assigns the role to a user.

To indirectly change an attribute, you set the change actions for the access role. When an administrator assigns the role, the change action can make one or more changes to an attribute in the user's profile.

To use an access role to indirectly modify an attribute, do the following:

  1. Create an access role.
  2. On the Members tab, select the Administrators Can Add or Remove Members of this Role checkbox, and click the arrow icon.

    CA Identity Manager displays additional Add Action and Remove Action fields.

  3. In the Add Action or Remove Action fields, select an action from the list box.

    CA Identity Manager displays additional fields based on the option you selected.

  4. Configure the Add or Remove actions as needed.
  5. Select the Administrator tab to specify the administrators who can add members to the access role you are creating.
  6. Select the Owners tab to specify the administrators who can modify the access role definition.
  7. Click Submit to complete the access role creation.
  8. Assign the access role to users, as needed.
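The flow described above, modeled as an added example (not CA Identity Manager code or its API): the class and method names, the user names and the title values are assumptions made for illustration. It shows the title changing only as a side effect of role assignment by a listed administrator, with role owners kept as a separate set and every change recorded.

```python
from dataclasses import dataclass, field

@dataclass
class AccessRole:
    name: str
    add_action: dict        # attribute changes applied when a member is added
    remove_action: dict     # attribute changes applied when a member is removed
    administrators: set     # may add or remove members
    owners: set             # may modify the role definition
    members: set = field(default_factory=set)

class Directory:
    """Constructed stand-in for a user store; hypothetical, not a product API."""
    def __init__(self, profiles):
        self.profiles = profiles
        self.audit = []     # (actor, event, role, user, attribute, old, new)

    def set_attribute(self, actor, user, attribute, value):
        # Assumed policy from the page's example: no direct edits to another user's title.
        raise PermissionError(f"{actor} may not edit {user}.{attribute} directly")

    def _apply(self, actor, event, role, user, changes):
        for attribute, new in changes.items():
            old = self.profiles[user].get(attribute)
            self.profiles[user][attribute] = new
            self.audit.append((actor, event, role.name, user, attribute, old, new))

    def add_member(self, actor, role, user):
        if actor not in role.administrators:
            raise PermissionError(f"{actor} cannot add members to {role.name}")
        role.members.add(user)
        self._apply(actor, "add", role, user, role.add_action)

    def remove_member(self, actor, role, user):
        if actor not in role.administrators:
            raise PermissionError(f"{actor} cannot remove members from {role.name}")
        if user in role.members:    # the remove action never fires for non-members
            role.members.remove(user)
            self._apply(actor, "remove", role, user, role.remove_action)

    def set_add_action(self, actor, role, changes):
        if actor not in role.owners:
            raise PermissionError(f"{actor} cannot modify {role.name}")
        role.add_action = dict(changes)

def demo():
    d = Directory({"jsmith": {"title": "Engineer"}})    # constructed sample profile
    role = AccessRole("Team Lead", {"title": "Team Lead"}, {"title": "Engineer"},
                      administrators={"hr_admin"}, owners={"iam_owner"})
    d.add_member("hr_admin", role, "jsmith")
    return d, role
```

The audit tuples are what a reviewer would check to confirm that each title change traces back to a role assignment and a named administrator.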