It can be beneficial for enterprises to securely hand off certain responsibilities to specific individuals within their organization. Sharing responsibilities ensures that administrators do not have too much responsibility or power over governance actions.
A user with role admin permissions can perform the following actions:
Create, manage, and edit roles.
Access the Access Modeling service which includes Role Discovery and Role Insights.
Save, subscribe to, and download CSV reports onaccessible pages in IdentityNow.
To utilize sub-admin user levels, the source and the user must be associated with a governance group.
Role sub-admins can create, manage, and edit only for roles with access profiles on sources that are associated with the governance groups they are members of. Role sub-admins have the same permissions as role admins for search and reports. Role sub-admins do not have access to Role Discovery or Role Insights.