Set permissions from Identity Manager users or roles

1. Log in to Identity Manager Admin as Administrator.

To view or edit permissions of an individual user:

1. In Identity Manager Admin, go to Home > User Administration. 
2. Double-click a user name in the list.
   The user settings are shown. 

To view or edit permissions of a role:

1. In Identity Manager Admin, go to Home > Roles.
2. Double-click a role name in the list.

   The role settings are shown. 

Roles in Identity Manager can be configured to only access certain Identity Manager instances, by using the instance ID setting. 

To limit a role to access only certain instances:

1. In Instance Ids, enter a comma-separated list of instanceIDs as configured in the system.properties of each instance. 

   Example: Instance Ids

   Instance Ids = internet, intranet

   If the field is left empty, then all instances are allowed.
   For information on how to configure instanceIDs in system.properties, see Limit role to access certain instances of Identity Manager client.

To edit permissions of individual users or roles:

1. In the user or role settings, select tab. For more information, see the table below. 

2. Check or uncheck permissions as needed. 

3. Click Save.  

Permissions are grouped in these tabs:

Tab	Description
General Admin	Here you can assign and withdraw permissions for the menu items listed on the Home page in the Identity Manager Admin application.
General Runtime	Here you can assign or withdraw permissions to access larger functional areas of Identity Manager Operator. Functional areas for which a user has no permission are hidden. See Identity Manager Operator for more information about the object history permission. Permission Description BATCH ORDERS If the logged in user, or assigned roles, have this permission, the BATCH ORDERS tab is displayed in Identity Manager Operator. Scheduled Jobs If the logged in user, or assigned roles, have this permission, the Scheduled Jobs menu is visible in the ADMIN tab in Identity Manager Operator. Clear cache If the logged in user, or assigned roles, have this permission, the Clear cache menu is visible in the ADMIN tab in Identity Manager Operator. Configure system properties If the logged in user, or assigned roles, have this permission, the Configure system properties menu is visible in the ADMIN tab in Identity Manager Operator. Download configuration If the logged in user, or assigned roles, have this permission, the Download configuration menu is visible in the ADMIN tab in Identity Manager Operator. IN PROGRESS If the logged in user, or assigned roles, have this permission, the IN PROGRESS tab is displayed. List processes If the logged in user, or assigned roles, have this permission, the List processes menu is visible in the ADMIN tab in Identity Manager Operator. Maintenance Mode If the logged in user, or assigned roles, have this permission, the Maintenance Mode menu is visible in the ADMIN tab in Identity Manager Operator. OBJECT HISTORY: Batch import If the logged in user, or assigned roles, have this permission, the History button is displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding batch import. OBJECT HISTORY: Custom types  If the logged in user, or assigned roles, have this permission, the History button is displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding custom types.  OBJECT HISTORY: Data change If the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding data change, for example, created, modified or deleted data. OBJECT HISTORY: Process execution If the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding process execution.  OBJECT HISTORY: State change If the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager. The history will show entries regarding state change. OPEN TASKS If the logged in user, or assigned roles, have this permission, the OPEN TASKS tab will be displayed. REST API: Resolve secrets This permission is responsible for the REST API: Resolve secrets, which defines the right to call an http endpoint to resolve secrets. Reserve number ranges If the logged in user, or assigned roles, have this permission, the Reserve number ranges menu is visible in the ADMIN tab in Identity Manager Operator. SEARCH If the logged in user, or assigned roles, have this permission, the SEARCH tab is displayed. START If the logged in user or assigned roles have this permission, the START tab is displayed. Upload configuration If the logged in user, or assigned roles, have this permission, the Upload configuration menu is visible in the ADMIN tab in Identity Manager Operator. When one or several of the object history permissions are enabled, the History button will be displayed on the core object detail page. If no object history permissions are enabled for a user or a role, the History button will not be displayed.
Process Permissions	Here you can assign and withdraw permissions to start individual processes in Identity Manager Operator (that is, Execute) and to edit their configuration in Identity Manager Admin (Update or Delete).
Search Configurations	Here you can assign and withdraw permissions to use (that is, Execute) the individual search configurations in Identity Manager Operator.
Forms	Here you can assign and withdraw permissions to read (Read) and edit (Update or Delete) the configuration of individual forms in Identity Manager Admin.
Identity Templates	Here you can assign and withdraw permissions to access (Read) data objects of particular categories in Identity Manager Operator. The categories are determined by the identity templates.