When you edit a technical role, you can change permissions assigned to the technical role and either leave the technical role active or disable the technical role. However, Identity Governance automatically disables a technical role definition if a permission included in the technical role is deleted from the application. The technical role remains in the disabled state until the permission is removed from the technical role definition or restored in the application and then collected and published to the catalog.
When you delete a technical role, Identity Governance deletes the technical role in the catalog. However, if the technical role was authorized by a business role, this deletion triggers additional evaluation and consequent actions. When you add or remove permissions from a technical role that is authorized by a business role, the changes may cause business role authorizations to be gained or lost, which may trigger evaluation and consequent actions. For more information, see Section 17.9, Automated Access Provisioning and Deprovisioning.
To edit or delete a technical role:
Log in as a Customer, Global, or Technical Roles Administrator.
Under Catalog, select Roles.
(Optional) Click the gear icon to select additional columns such number of SoDs, number of business roles, and number of users with all permissions.
Select the role you want to edit or delete.
Selecting the role displays a quick overview of the role definition including the name, description, owner, risk, state, and selected permissions.
Select Edit at the end of the details panel to edit the technical role.
(Conditional) Select Delete to delete the technical role.
You must edit the technical role to delete the technical role.
NOTE:When you delete technical roles, Identity Governance removes the role assignments and detections from the users but does not change the permissions held by the users.