Roles

This feature is currently available only to customers participating in a private preview. If you'd like to participate to be among the first to try this feature, ask our support or account team for details.

A role is a collection of resources and entitlements that can be assigned to new identities with similar access needs. Roles should be created with the basic access required for a specific job or function.

To view or manage a role, navigate to the Access page and select the Roles tab.

Creating a Role

To create a role, select Create and fill out all required fields, plus any additional ones desired. The table below summarizes field details and requirements.

       

Field

Required / Optional

 Data Type

Note

Role Name

Required

Unique; Text

 The name is used as the role’s identifier.

Description

Required

Text

A text description of the role.

Manager

Lookup

Role Manager. This manager will be considered a secondary manager for any identities assigned to this role.

Is Auto Approved

Boolean

  • Allows identities to add this role to their account instead of initiating a request, which will have to go through an approval process.

  • Note: If this field is set to true, the Owner and Owner Type fields cannot be configured.

Owner Type

Selection

  • Select an identity or identity collection.

  • Selecting an owner type will allow you to select an owner.

Owner

Lookup

Once an owner is added, the selection can be edited or removed only until the role is saved.

Reason Is Mandatory

Boolean

When set to true, identities cannot request this role unless they provide a reason to accompany their request. When set to false, providing a reason when making a request is optional.

Assignment Collection

Selection

A policy that, when true, assigns this role.

Resources

Lookup

Resources assigned to this role.

Entitlements

Lookup

For each resource, any entitlements that are also granted by this role.

Updating a Role

The table below shows the editing limitations of an existing role.

Role Name

Limitations

Is Auto Approved

Cannot be updated

Owner Type

Cannot be updated

Owner

Cannot be updated

Deleting a Role

When deleting a role, the system will check if the role being deleted is in use:

  • If the role is in use, you will be notified and won’t be allowed to delete the role.

  • If the role is not in use, it will be deleted.