Administrative Role SettingsAdministrative Role Settings
The following table describes the settings of an administrative role.
Administrative Role Settings |
Description |
Administrative Role Name |
Name of an administrative role. A role name must be unique in the security domain where it is defined, but does not have to be unique for the deployment. Administrative role names typically reflect administrators' functions within an organization, such as Help Desk, IT, or Human Resources. |
Permission Delegation |
Allows administrators to delegate their role permissions to other administrators. This selection only applies to administrators who also have the ability to create, edit, and assign administrative roles. |
Notes |
A brief explanation of the role. |
Security Domain Scope |
Determines where an administrator assigned the role has administrative permissions. When an administrative role grants permissions in a security domain, permissions are also granted in each of its lower-level security domains in the security domain hierarchy. |
Identity Source Scope |
The identity sources where you want the administrative role to grant permissions. |
General Permissions |
Determines the actions an administrator can take on policies, security questions, delegated administration, users, user groups, and reports. If the scope of the role does not include the top-level security domain, the role cannot manage identity attribute definitions, password policies, lockout policies, self-service troubleshooting policies, security questions and Console display options. |
Authentication Permissions |
Determines the authentication related tasks an administrator can perform. These tasks include management of SecurID, user authentication attributes, authentication agents, trusted realms, RADIUS and on-demand authentication. If the scope of the role does not include the top-level security domain, the role cannot manage RADIUS. |
Self-Service Permissions |
Determines the actions an administrator can take on provisioning requests. |
Security Domain |
The security domain that is associated with the administrative role. The new administrative role can only be managed by administrators whose scope includes the security domain that is associated with the role. |