Administrative Role Settings

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

The following table describes the settings of an administrative role.

                                               

Administrative Role Settings

Description

Administrative Role Name

Name of an administrative role. A role name must be unique in the security domain where it is defined, but does not have to be unique for the deployment.

Administrative role names typically reflect administrators' functions within an organization, such as Help Desk, IT, or Human Resources.

Permission Delegation

Allows administrators to delegate their role permissions to other administrators.

This selection only applies to administrators who also have the ability to create, edit, and assign administrative roles.

Notes

A brief explanation of the role.

Security Domain Scope

Determines where an administrator assigned the role has administrative permissions. When an administrative role grants permissions in a security domain, permissions are also granted in each of its lower-level security domains in the security domain hierarchy.

Identity Source Scope

The identity sources where you want the administrative role to grant permissions.

General Permissions

Determines the actions an administrator can take on policies, security questions, delegated administration, users, user groups, and reports.

If the scope of the role does not include the top-level security domain, the role cannot manage identity attribute definitions, password policies, lockout policies, self-service troubleshooting policies, security questions and Console display options.

Authentication Permissions

Determines the authentication related tasks an administrator can perform. These tasks include management of RSA SecurID, user authentication attributes, authentication agents, trusted realms, RADIUS and on-demand authentication.

If the scope of the role does not include the top-level security domain, the role cannot manage RADIUS.

Self-Service Permissions

Determines the actions an administrator can take on provisioning requests.

Security Domain

The security domain that is associated with the administrative role. The new administrative role can only be managed by administrators whose scope includes the security domain that is associated with the role.

 

 


Attachments

    Outcomes