1. Data Management
  2. Security and Compliance Studio
  3. Activities

Merge security roles
Application task

You can merge existing security roles into another existing security role or a new security role.
 
On merge:
  • The selected roles remain unchanged.
  • The selected roles aren't added to the target role as such.
  • The duties and privileges of the selected roles aren't added to the target role as such.
  • All lowest entry points of the selected roles are grouped into one privilege or into a privilege for each selected type of entry point. For each selection, by default, a new privilege is created. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
  • Entry points with a higher license type than the defined Max user license type are not added to the privileges.
  • If you do not define duties, the new privileges are added to the target role and, if applicable, entry points are added to the defined existing privileges.
  • You can add the defined privileges to one duty or to a duty for each selected type of privilege. For each selection, by default, a new duty is created. However, if the target role already exists, you can also select an existing duty of that role to which the privilege is added.
  • If you define duties, the new duties are added to the target role and, if applicable, privileges are added to the defined existing duties.
  • If the target role doesn't have any duties and privileges, it will only have the new privileges or duties.
  • If the target role already has duties and privileges which are not changed during the merge, these duties and privileges stay.
  • Permissions for the entry points are given as defined in the wizard. This is only applicable if the target role already exists and has the same entry points. You can choose:
    • Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point.
    • Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one.
  • The target role is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.


Standard procedure

1. Click Security management.
2. Click Merge roles.
3. You can use an existing security role or a new security role as a target role.
  In the Name field, enter or select a value.
4. By default, the target role is locked after the merge is done. So, it can't be used as a target role when roles are merged.
  If you do not want to have it locked after the merge, select No in the Lock target role? field.
5. In the Available roles list, select the roles you want to merge into the target role.
 

Note: If you select roles to be merged, a segregation of duties check is done on the selected roles. If violated, a message is displayed.
6. Click the right-arrow button to move these roles to the Selected roles list.
7. Click Next.
8. You can group all lowest entry points of the selected roles into one privilege.
  Select Yes in the Create single privilege field.
 

Note: By default, a new privilege is created with the name of the target role. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
9. You can group all lowest entry points of the selected roles into privileges by type of entry point.
  Select the types of entry points that you want to add from the selected roles to the target role.
 

Note: - You can only group into privileges by type of entry points if the Create single privilege field is set to No.
- By default, a new privilege is created with the name of the target role and the entry point type between parentheses. However, if the target role already exists, you can also select an existing privilege of that role to which the entry points are added.
10. You can add the defined privileges to one duty or to a duty for each selected type of privilege.
  Select Yes in the Create duty field.
11. By default, the Create single duty field is set to Yes and the defined privileges are added to one duty.
  Select No in the Create single duty field if you want to add the previously defined privileges to a duty for each privilege type.
 

Note: If you create a single duty, by default, a new duty is created with the name of the target role. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added.
12. If you have set the Create single duty field to No, you can add the defined privileges to a duty for each selected type of privilege.
  Select the privileges to be added to a duty.
 

Note: By default, a new duty is created with the name of the target role and the privilege type between parentheses. However, if the target role already exists, you can also select an existing duty of that role to which the privileges are added.
13. Click Next.
14. Define how to set the permissions for the entry points in the target role.
You can choose:
- Merge - The highest permission, whether it comes from the source role or the target role entry point, is set as the permission for the merged entry point.
- Unset, Grant, or Deny - Whatever the permission for the entry point is in the source role or target role, it is set to the chosen one.
  For each type, set the permission.
 

Note: This only is applicable if the target role already exists and has the same entry points.
15. In the Maximum user license type field, select an option.
16. Click Next.
17. Review the selected roles to be merged into the target role.
  Click Finish.
18. Each new role or change to a role must be published to become effective.
If you have clicked Finish, you can choose to directly publish the changes. Otherwise, you must publish the changes from the Unpublished objects.
  Click Yes.
Related to Notes

Merge security roles

 		 

Provide feedback