VMware Identity Manager uses role-based access control to manage administrator roles. With roles-based access control, you create functional roles that control admin access to tasks in the VMware Identity Manager console, and assign the roles to one or more users and groups.

Three predefined administrator roles are built in to the VMware Identity Manager service. You can assign these predefined roles to users and groups in your service. You cannot modify or delete these roles.

You can also create custom administrator roles that give limited permissions to specific services in the VMware Identity Manager console. Within the service, specific operations can be selected as the type of action that can be performed in the role.