17.7 Editing Business Roles

Identity Governance allows you to edit business roles. If you edit and save an approved business role, the state changes to DRAFT, and the role must be re-approved. To edit a published business role, a new draft copy is made for editing, and the published role continues to be used in governance processes until the new draft is approved and published. You can also use the bulk action menu to download business roles as JSON files. After editing, you can import the roles on the page that lists all business roles.

To edit a business role:

  1. Log in to Identity Governance as a Business Role or Global Administrator.

  2. Select Policy > Business Roles.

  3. Select the business role you want to edit, then click Edit.

  4. (Optional) If the business role is published, on the top of the page, click Edit.

    NOTE:We recommend that you think through business role definitions and add all members and authorizations before publishing. If you need to make changes after publishing, keep in mind that business role detections compare your last published state with the current state and automatically generate grants and revocations if auto-grants and auto-revoke settings are enabled. Also, note that the membership policy of a business role can include members from other published business roles, however, circular inclusions are not allowed.

    Identity Governance creates a draft of the business role for you to edit on the Draft tab.

  5. Make the appropriate changes to the business role.

  6. Select Save to save the draft.

  7. (Conditional) Click Compare with published to compare the draft version with the published version of the business role to ensure that the changes are correct.

  8. (Conditional) If the business role approval policy requires approval, when the draft is ready for approval, click Submit for approval. If the business role approval policy does not require approval, the draft is automatically approved whenever you save your edits.

  9. After you approve a draft, select Publish to publish it.

When you delete a published business role, Identity Governance archives the business role for reporting and auditing purposes.