Change the Scope of an Administrative Role
The scope of an administrative role determines which security domains and identity sources an administrator can manage. You can only modify the scope of a role that has the same or narrower scope as the role assigned to you.
If you change the scope, so that it does not include the entire deployment and only includes lower-level security domains, when you assign permissions to the role, you cannot grant any system-level permissions to the role, such as logging configuration. You cannot edit the Super Admin role.
Procedure
In the Security Console, click Administration > Administrative Roles > Manage Existing.
Click the administrative role that you want to edit, and select Edit.
In the Security Domain Scope tree, select the security domains in which the new role grants permissions.
The security domain scope determines where an administrator assigned this role has administrative permissions. When a role grants permissions in a security domain, permissions are also granted in each of its lower-level security domains in the security domain hierarchy.
In the Identity Source Scope field, select the identity sources where you want this role to grant permissions.
Click Saveand Finish.
Related Articles
Assign an Administrative Role 43Number of Views Administrative Role Scope and Permissions 33Number of Views Administrative Role Overview 127Number of Views Add an Administrative Role 24Number of Views Administrative Roles for the Cloud Administration Console 173Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) When running "acm startdb" or "service aveksa_server startdb" for RSA Via Lifecycle & Governance the error "PRCD-1027 : Fa… RSA Authentication Manager 8.9 Patches and Hotfixes Readme RSA Authentication Manager Upgrade Process