Defined roles in IDM are just that: roles that are defined by an IDM user. Defined roles are a powerful mechanism that makes it easy to enable access to the proper LC hosts and groups based on the user's project. When a new person is added to a project, they only need to be added to the associated defined role, which then automatically grants all of the needed host and group permissions.

Creating a Defined Role

An LC Coordinator can request the creation of a new defined role by sending a request to the LC IDM team at lc-idm-admin@llnl.gov. The information needed for a request includes:

  • The name of the role
  • Which networks the role is needed in (OCF, SCF, SNSI)
  • The LC groups and LC hosts which are associated with the role (i.e., the access being granted by membership in the role)
  • The OUNs of the people who can approve membership changes for this role
  • Required membership traits (e.g., US citizen, Q-Clearance)

Adding or Removing Members of a Defined Role

See IDM—Add or Remove Role Members to manage role membership.