Manage permissions to multiple login accounts by creating roles and granting roles to logins.
A system security officer can define and create roles as a convenient way to grant and revoke permissions to several logins. A role can be granted only to a login account or another role.
When creating or modifying roles, these options are available:
Permissions granted to roles override permissions granted to users or groups. For example, if John is granted the role of system security officer and individual permissions of sales accounts, he can still access the sales accounts if his individual permissions are revoked because his role permissions override his user permissions.
A system security officer can define role hierarchies such that a role can be assigned to another role. For example, the chief financial officer role might contain both the financial analyst and the salary administrator roles.
Roles can be defined to be mutually exclusive. The supported exclusive types are: