Define role delegators and delegate roles

You can designate role delegators. A role delegator can assign roles to users who are in a particular user group.

Before you begin

Role required: admin to define role delegators, and role_delegator to delegate roles

About this task

The roles that delegators can assign to other users include the roles that the delegator inherits from a group and those roles that the administrator assigns to the delegator.


  1. Navigate to User Administration > Designate Role Delegator.
  2. Select the group that includes the user who you want to be the role delegator.
  3. Select the user.
  4. Click Submit.
    A change request for the role delegator request is created and automatically approved.
    Role delegator change request
  5. If you are a role delegator, complete the following steps to delegate a role.
    1. Navigate to User Administration > Delegate Roles in Group and fill out the form.
      Field Input Value
      Group Select the group in which to delegate a role or roles to a member. Any group can be selected, including groups that the role_delegator does not belong to or groups that the role_delegator does not manage.
      User Select the group member to delegate a role or roles.
      Roles to delegate Select the roles to delegate to the group member. The roles available for delegating are only the roles that the role_delegator has.
    2. Click Submit.
      Upon submission, a change request is created for the delegation request. This change request is approved automatically, and the specified roles are granted to the named user in the group selected.

      Delegated roles can be removed in the same form by reversing the process. Select the group and user, remove the unwanted roles from the Roles slushbucket, and then resubmit the request.

    3. (Optional) To remove a delegated role from a user, open the delegation record and remove the unwanted role or roles.