You can merge existing security roles into another existing security role or a new security role.


Security administrator Security administrator Start Start Lock or unlock security role  as target role in  merging security roles? Lock or unlock security role  as target role in  merging security roles? Lock or unlock security role Lock or unlock security role You can lock a security role. So, it can't be used as a target role when roles are merged. If a security role lock is no longer required, you can unlock the security role. Procedure 1. Click Security management. 2. Sub-task: Lock selected roles. 3. Click the Roles tab. 4. In the list, find and select the desired records. 5. Click Lock roles. 6. Sub-task: Lock all roles. 7. Click Locked security roles. 8. Click Lock all roles. 9. Close the page. 10. Sub-task: Unlock role. 11. Click Locked security roles. 12. In the list, find and select the desired records. 13. Click Delete. 14. Click Yes. Merge security roles Merge security roles You can merge existing security roles into another existing security role or a new security role.   On merge: The selected roles remain unchanged. The selected roles aren't added to the target role as such. The duties and privileges of the selected roles aren't added to the target role as such. All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. Entry points with a higher license type than the defined Max user license type are not added to the privileges. If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges. You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added. If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties. If the target role doesn't have any duties and privileges, it will only have the new privileges or duties. If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay. Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose: Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point. Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one. The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules. Procedure 1. Click Security management. 2. Click Merge roles. 3. In the Name field, enter or select a value. 4. If you do not want to have it locked after the merge, select No in the Lock target role? field. 5. In the Available roles list, select the roles you want to merge into the target role. Note: If you select roles to be merged, a segregation of duties check is done on the selected roles. If violated, a message is displayed. 6. Click the right-arrow button to move these roles to the Selected roles list. 7. Click Next. 8. You can group all lowest entry points of the selected roles into one privilege. Select Yes in the Create single privilege field. Note: By default, a new privilege is created with the name of the target role. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. 9. You can group all lowest entry points of the selected roles into privileges by type of entry point. Select the types of entry points that you want to add from the selected roles to the target role. Note: - You can only group into privileges by type of entry points if the Create single privilege field is set to No. - By default, a new privilege is created with the name of the target role and the entry point type between parentheses. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added. 10. Select Yes in the Create duty field. 11. By default, the Create single duty field is set to Yes and the defined privileges are added to one duty. Select No in the Create single duty field if you want to add the previously defined privileges to a duty for each privilege type. Note: If you create a single duty, by default, a new duty is created with the name of the target role. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added. 12. If you have set the Create single duty field to No, you can add the defined privileges to a duty for each selected type of privilege. Select the privileges to be added to a duty. Note: By default, a new duty is created with the name of the target role and the privilege type between parentheses. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added. 13. Click Next. 14. Define how to set the permissions for the entry points in the target role. You can choose: - Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point. - Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one. For each type, set the permission. Note: This only is applicable if the target role already exists and has the same entry points. 15. In the Maximum user license type field, select an option. 16. Click Next. 17. Click Finish. 18. Click Yes. End End Yes No

Activities

Name Responsible Description

Lock or unlock security role

Security administrator

You can lock a security role. So, it can't be used as a target role when roles are merged.
If a security role lock is no longer required, you can unlock the security role.

Merge security roles

Security administrator

You can merge existing security roles into another existing security role or a new security role.
 
On merge:
  • The selected roles remain unchanged.
  • The selected roles aren't added to the target role as such.
  • The duties and privileges of the selected roles aren't added to the target role as such.
  • All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
  • Entry points with a higher license type than the defined Max user license type are not added to the privileges.
  • If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges.
  • You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added.
  • If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties.
  • If the target role doesn't have any duties and privileges, it will only have the new privileges or duties.
  • If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay.
  • Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose:
    • Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point.
    • Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one.
  • The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.

Provide feedback