Roles app
Applies to Bravura Identity 
The Roles app allows users to request role membership and role configuration changes.
It is enabled and configured via the Scenario.im_role_wizard component , which is installed by default. The component includes:
Pre-defined requests
User classes
Additional entries into
extdbtableshid_idmconfig_wizard_attributes
im_policy_authorization
Access
Access to the Roles app is enabled by default for all end users. The app allows end users to view their own role memberships and request assignments and revocations to any roles for themselves via the Roles app. Access to specific requests is controlled by user clasess and pre-defined requests.
Roles must be both enabled and assignable in order for membership to be requested.
Pre-defined requests
Users can create, update, delete and/or authorize role membership and configurations based on which pre-defined requests they have access to:
Pre-defined request | Description |
|---|---|
ROLE_CREATE | Create role |
ROLE_DELETE | Delete role |
ROLE_UPDATE | Update role |
ROLE_UPDATE_ATTRS | Update attributes |
ROLE_UPDATE_ENTITLEMENTS | Update entitlements |
ROLE_UPDATE_USERS | Update user members |
USER_ADD_ROLES | Assign roles |
USER_DELETE_ROLES | Revoke roles |
_CERT_ROLE_REMEDIATION_ | Default remediation for roles |
_RESOLVE_ROLE_DEFICITS_ | Add missing role entitlements |
User classes
For using the Roles App, users can be added to the following default user classes appropriately to grant the pre-defined requests needed:
User class | Description |
|---|---|
ROLE_AUTHORIZERS | Role request authorizers |
ROLE_CREATE_USERS | Users who can create roles |
ROLE_DELETE_USERS | Users who can delete roles |
ROLE_UPDATE_USERS | Users who can update roles |
See also
Roles in end-user documentation describes how end users view and request changes .