Name of an administrative role. A role name must be unique in the security domain where it is defined, but does not have to be unique for the deployment.

Administrative role names typically reflect administrators' functions within an organization, such as Help Desk, IT, or Human Resources.

Allows administrators to delegate their role permissions to other administrators.

This selection only applies to administrators who also have the ability to create, edit, and assign administrative roles.

A brief explanation of the role.

Determines where an administrator assigned the role has administrative permissions. When an administrative role grants permissions in a security domain, permissions are also granted in each of its lower-level security domains in the security domain hierarchy.

The identity sources where you want the administrative role to grant permissions.

Determines the actions an administrator can take on policies, security questions, delegated administration, users, user groups, and reports.

If the scope of the role does not include the top-level security domain, the role cannot manage identity attribute definitions, password policies, lockout policies, self-service troubleshooting policies, security questions and Console display options.

Determines the authentication related tasks an administrator can perform. These tasks include management of SecurID, user authentication attributes, authentication agents, trusted realms, RADIUS and on-demand authentication.

If the scope of the role does not include the top-level security domain, the role cannot manage RADIUS.

Determines the actions an administrator can take on provisioning requests.