This topic describes how to create one or more identity service roles for users who can request zone role assignment (requesters), and users or groups who can approve or reject zone role assignment requests (approvers).
This step is optional, but is typically done so that users and groups can easily be given request and approval permission by assigning them to the appropriate role.
To create roles for requesters and approvers:
- Open the Admin Portal, click Access, then click Roles.
- Click Add Role.
- Provide a unique name for the role.
- Click Members, then click Add.
- Type a search string to search for and select users and groups for this role, then click Add.
- Click Administrative Rights.
- In the Add Rights dialog, select one or more of the following administrative rights so that the role has access to Privileged Access Service:
- Privileged Access Service User
- Privileged Access Service Power User
- Privileged Access Service Administrator
For more information about these rights, see Admin Portal administrative rights.
Click Save to save the role.