In midPoint parlance, abstract role means any type of object that acts as an role. This means that abstract tole can be used to give privileges to other objects. Following object types are abstract roles in midPoint:
- Role (RoleType)
- Org (OrgType)
- Service (ServiceType)
- Archetype (ArchetypeType) - since midPoint 4.0
All those object types may act as roles. Which means they can cause provisioning of accounts or other resource objects, they may contain other abstract roles, they can form a platform for Policy Rules and so on.
In simple technical terms abstract role means that the object may contain inducement.