IAM.cloud ships with the follwing set of built-in application roles that can be requested through the web portal:

IAM.cloud application role

Description

IAM.cloud administrator

Members of this IAM.cloud application role are able to configure an IAM.cloud instance.

Auditor

Member of these IAM.cloud application role can view all the data required for auditing.

Business role attestor

Members of this IAM.cloud application role can perform attestations for business roles.

Business roles administrator

Members of this IAM.cloud application role are allowed to maintain business roles and specify their members.

Chief approval team member

Members of this IAM.cloud application role are allowed to perform IT Shop approvals.

Company policy administrator

Members of this IAM.cloud application role are allowed to maintain company policies.

Company policy attestor

Members of this IAM.cloud application role can perform attestations for policies.

Company policy exception approver

Members of this IAM.cloud application role can edit policy violations.

Company policy supervisor

Members of this IAM.cloud application role can edit working copies of policies.

Compliance & Security Officer

The member of these IAM.cloud application role can maintain attestation policies.

Employee data administrator

Members of this IAM.cloud application role are allowed to maintain employee data.

Global Target system administrator

Members of this IAM.cloud application role manage those responsible for dedicated target systems.

Global Target system configurator

Members of this IAM.cloud application role configure target systems connectivity.

Identity Audit administrator

Members of this IAM.cloud application role are allowed to edit compliance rules and SAP functions. They specify attestators, exception approvers and rule supervisors.

Identity Audit attestor

Members of this IAM.cloud application role can perform attestations for compliance rules.

Identity Audit exception approver

Members of this IAM.cloud application role can edit rule violations.

Identity Audit rule supervisor

Members of this IAM.cloud application role can edit working copies of compliance rules.

Organization data administrator

Members of this IAM.cloud application role are allowed to maintain departments, cost centers and locations and specify their members.

Organization data attestor

Members of this IAM.cloud application role can perform attestations for departments, cost centers and locations.

Portal request attestor

Members of this IAM.cloud application role can perform attestations for Portal requests.

Recertifier of external users

Members of this IAM.cloud application role perform recertifications of external users.

Report subscription administrator

Members of this IAM.cloud application role are allowed to execute all configuration and administrative tasks for report subscriptions.

Source data administrator

Members of this IAM.cloud application role are allowed to manage source data.

The initial named respresentative of an IAM.cloud customer will be established in all these roles in order to start rolling out the IAM.cloud instance.