18.6 Editing Business Roles

Identity Governance allows you to edit business roles. If you edit and save an approved business role, the state changes to DRAFT, and the role must be re-approved. To edit a published business role, a new draft copy is made for editing, and the published role continues to be used in governance processes until the new draft is approved and published. You can also use the bulk action menu to download business roles as JSON files. After editing, you can import the roles on the page that lists all business roles.

To edit a business role:

  1. Log in to Identity Governance as a Business Role or Global Administrator.

  2. Select Policy > Business Roles.

  3. Select the business role you want to edit, then click Edit.

  4. (Optional) If the business role is published, on the top of the page, click Edit.

    NOTE:We recommend that you think through business role definitions and add all members and authorizations, estimate impact, and analyze SoD and potential SoD violations before publishing. If you need to make changes after publishing, keep in mind that business role detections compare your last published state with the current state and automatically generate grants and revocations if auto-grants and auto-revoke settings are enabled. Also, note that the membership policy of a business role can include members from other published business roles, however, circular inclusions are not allowed.

    Identity Governance creates a draft of the business role for you to edit on the Draft tab.

  5. (Optional) Enable users to request business role membership through the Access Request interface.

    HINT:After specifying a business role as requestable, make sure to publish the business role before assigning it to a Access Request policy. Unpublished business roles will not be available for request.

  6. (Optional) Make other appropriate changes to the business role such as setting a risk value or specifying a grace period value for a member who no longer meets the membership policy criteria.

  7. Select Save to save the draft.

  8. (Conditional) Click Compare with published to compare the draft version with the published version of the business role to ensure that the changes are correct.

  9. (Conditional) If the business role approval policy requires approval, when the draft is ready for approval, click Submit for approval. If the business role approval policy does not require approval, the draft is automatically approved whenever you save your edits.

  10. After you approve a draft, select Publish to publish it.

When you delete a published business role, Identity Governance archives the business role for reporting and auditing purposes.