Add an Administrative Role
An administrative role is a collection of permissions that can be assigned to an administrator. A role determines what level of control the administrator has over users, user groups, and so on.
You can add administrative roles to your deployment, and assign these roles to users. If you assign multiple administrative roles to a user, the permissions are combined.
Before you begin
To create an administrative role, you must have an administrative role that:
Grants permission to create administrative roles.
Includes the permissions he or she wants to add to the new administrative role.
Allows the administrator to delegate the permissions granted to his or her role. This is determined by the Permission Delegation setting for the role assigned to the administrator who is creating the role.
Procedure
In the Security Console, click Administration > Administrative Roles > Add New.
In the Administrative Role Name field, enter a name for the new administrative role.
(Optional) If you want to allow administrators to delegate their role permissions to other administrators, select Permission Delegation.
In the Security Domain Scope tree, select the security domains in which the new administrative role grants permissions.
By default, selecting a security domain automatically includes the subdomains. You can clear the Automatically include subdomains checkbox, and only assign the administrative role to the security domains that you select.
In the Identity Source Scope field, select the identity sources where you want this administrative role to grant permissions.
Click Next.
Assign general permissions to the administrative role.
(Optional) To restrict attributes, in the User Attribute Restriction field, select May only access specific attributes. An Attributes drop-down menu appears. Select Modify,View, or None for each attribute. If you select None, the attribute is hidden.
The value in this field must be consistent with the value specified in the Entry Type field on the Add an Identity Attribute Definition page. If the attribute definition is read-only, do not select Modify for the User Attribute Restriction. If the attribute definition is required, do not specify View or None in the User Attribute Restriction. If you do, you cannot add the role.
Click Next.
Assign authentication permissions to the administrative role.
Click Next.
Assign self-service permissions to the administrative role.
Click Next.
Use the Security Domain drop-down menu to select the security domain that is associated with the administrative role.
Review the summary of the administrative role, and click Save.
Related Concepts
Related Tasks
Edit Permissions for an Administrative Role
Change the Scope of an Administrative Role
View Your Administrative Permissions
Related References
Related Articles
Configure Handling of Incorrect Passcodes Number of Views Edit Cloud Access Service Connection Number of Views How to set up RSA ACE/Agent for UNIX without using the CD-ROM Number of Views Quick Setup Guide - Cloud Access Service POC - Step 4: Add an Access Policy Number of Views Allow All Users to Authenticate Without an RSA SecurID PIN Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
