The managed role object is a default managed object type that uses the relationships mechanism. You should understand how relationships work before you read about IDM roles.
IDM supports two types of roles:
Provisioning roles : used to specify how objects are provisioned to an external system.
Provisioning roles are created as managed roles, at the context path
openidm/managed/role/role-name, and are granted to managed users as values of the user’s
Authorization roles : used to specify the authorization rights of a managed object internally, within IDM.
Authorization roles are created as internal roles, at the context path
openidm/internal/role/role-name, and are granted to managed users as values of the user’s