Managing your BHOLD roles in the FIM Portal

Applies To: Forefront Identity Manager

By using the Microsoft BHOLD features in the Microsoft Forefront Identity Manager 2010 R2 SP1 (FIM) portal, you can request activation of roles for yourself or for other users that you are responsible for. When requesting role activation for yourself, you can perform the following tasks:

• See an overview of your roles

• Request activation of a role for yourself

• Revoke one of your roles

• Delegate one of your roles

• See all of your roles

See an overview of your roles

The BHOLD features in the FIM Portal include a dashboard that provides summary information about your roles and the applications that you have access to. The dashboard presents a pie chart that displays the relative number of roles assigned to you in the following categories:

• Proposed assigned roles, which are roles that have been activated after being submitted for approval

• Proposed unassigned roles, which are roles that have not been activated because required approval has not been granted

• Unit roles, which are roles that have been assigned to you because you belong to a particular organizational unit.

• Personal roles, which are roles that are specifically assigned to you alone

• Rule-based roles, which are roles that are assigned to you based on a predefined rule, such as a rule that is assigned to everyone who has a particular job title

To see an overview of your roles

• In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Dashboard tab.

Request activation of a role for yourself

You can request activation of a proposed role that is assigned to you. If the role requires approval, the required approvers will be sent an email message informing them of the request and providing instructions on how to approve or deny the request. If the role does not require approval, BHOLD will automatically activate the role.

To request activation of a role for yourself

1. In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Role Request tab.

2. On the New Request page, select the check box next to the role that you want to activate.

   Tip

   You can select more than one role.

   Tip

   To see the permissions granted by the role, click the Information button next to the role name.

3. In the Context list, if you belong to more than one organizational unit in the list, click the organizational unit for which you want the role to be activated.

4. In Justification, type information you want to send to approvers that explains why you need the role to be activated.

5. Select the Period check box if you want to limit the duration when the role will be effective, and then click the Calendar buttons to select the beginning and end dates.

6. Select the Receive notification when approved if you want to receive an email message informing you when the request has been approved.

7. Click Submit Request(s).

Revoke one of your roles

When you no longer need the permissions provided by a proposed role, you can revoke the role.

To revoke one of your roles

1. In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Role Request tab.

2. On the New Requests page, under Manage current roles, in the Revoke column, select the check box next to the role that you want to revoke.

   Note

   Only proposed roles that were previously activated have check boxes. Other roles are assigned automatically and cannot be revoked.

   Tip

   You can select more than one role.

3. Click Submit Request(s).

Delegate one of your roles

You can delegate a role to another user if you supervise other users. This is useful if you need the other user to be able to perform actions on your behalf. You can limit the duration during which the delegation will be effective.

To delegate one of your roles

1. In the FIM Portal, in the left pane, click BHOLD Self Service, and then click the Role Request tab.

2. On the New Requests page, under Manage current roles, in the Delegate column, select the check box next to the role that you want to delegate.

   Note

   Only proposed roles that were previously activated have check boxes. Other roles are assigned automatically and cannot be delegated.

   Tip

   You can select more than one role.

3. In Delegate to, type the name of the user you want to delegate the role to.

4. Click the Calendar buttons to select the beginning and end dates when the delegation will be effective.

5. Click Submit Request(s).

See all of your roles

You can view a list of all of the roles that are assigned to you, and you can view the permissions granted by each of those roles.

To see all of your roles

• In the FIM Portal, in the left pane, click BHOLD Self Service, click the Role Request tab, and then click My Roles.

  Tip

  To see the permissions granted by a role, click the Information button next to the role name.

See also

• Managing BHOLD Roles in the Forefront Identity Management 2010 R2 Portal

  • Managing other users' BHOLD roles in the FIM Portal