Role delegation

Administrators can authorize users to be role delegators to assign roles to users who are in a particular group. Role delegators can assign only the roles that are assigned to them.

Role delegation and record producers

These graphical workflows include the following:
  • Grant role_delegator role to user in group
  • Delegate roles to group member

These workflows can be customized as desired to add approval steps.

Group manager change business rule

The Group Manager Change business rule, which is disabled by default, automatically grants the role_delegator role to a user who is designated manager of a group in the Manager field on the Group form. The role is removed when the user is no longer the manager of the group.

Activate the business rule to take advantage of it.

View delegated roles

An administrator can view role designation in user records, the Role Delegators module, or the Role Audit module.

User records
Open a user record by navigating to User Administration > Users and selecting the user. You can see all the roles assigned to that user in the Roles related list.
Role Delegators module
To view existing role delegators and the groups in which they can delegate roles, navigate to User Administration > Role Delegators.
Role Audit module
The Audit Role list view displays all the role changes made in the instance by user and group. To access the Audit Role list, navigate to System Security > Reports > Role Audit .