Change a Role's Capabilities

CAUTION:

There is no automated method for reverting a role back to its original set of capabilities.

The initial capabilities-to-roles mapping is appropriate in many cases. Instead of adjusting the capabilities of a predefined role, consider creating a new role.

To change the set of capabilities that a role provides:

Make sure you have a current backup.
In User Manager, select the role.
Right-click and select Properties.
Use either or both of these techniques:
- Incrementally add or remove capabilities from the role by selecting or clearing check boxes on the Capabilities tab.
  Note: A capability that has gray shading behind its check box comes from a contributing role and can't be removed individually.
  
  Note: If you click a selected white check box (because you want to clear that check box) and you then see a selected gray check box , your removal of the explicit assignment has revealed an underlying contributed capability.
  
  Note: You can't deselect capabilities for the unrestricted role.
- Give the role the capabilities of one or more other roles by using the Contributing Roles tab.
  Note: These relationships are dynamic; changes that you make to a role's capabilities affect any roles to which that role contributes its capabilities.
  
  Note: These relationships are monolithic; you can't selectively assign or incrementally remove a contributed capability.
This list provides details about the Capabilities tab:
- Some roles include implicit capabilities, which are not displayed on this tab. For example, the ability to create users is part of the Metadata Server: User Administration role but there is no Create Users check box on the Capabilities tab.
- The tree icons indicate the status of the items beneath a node in the tree. Clicking a tree icon changes the status of the selections beneath that icon's node. The status cycles between full, empty, and partial states, with these exceptions:
  
  The empty state doesn't occur if there are contributed capabilities.
  
  The partial state occurs only if the original settings were mixed (some capabilities selected, some capabilities not selected).
  Note: The original settings are a cache of the selections that were in place at the time that you first click a particular tree icon. Any intervening action (such as clicking a check box or clicking the tree icon for a different node) causes an update to the original settings cache. There is no cache of earlier states. If you want to undo all of your changes, click Cancel.
(Optional) On the General tab, update the role's description to reflect its revised capabilities.
Click OK to save the changes to the role.
(Optional) To test the role, temporarily assume the identity of one of its members. See Assume Another User's Identity.