The following table describes the settings of an administrative role.
Administrative Role Settings
Administrative Role Name
Name of an administrative role. A role name must be unique in the security domain where it is defined, but does not have to be unique for the deployment.
Administrative role names typically reflect administrators' functions within an organization, such as Help Desk, IT, or Human Resources.
Allows administrators to delegate their role permissions to other administrators.
This selection only applies to administrators who also have the ability to create, edit, and assign administrative roles.
A brief explanation of the role.
Security Domain Scope
Determines where an administrator assigned the role has administrative permissions. When an administrative role grants permissions in a security domain, permissions are also granted in each of its lower-level security domains in the security domain hierarchy.
Identity Source Scope
The identity sources where you want the administrative role to grant permissions.
Determines the actions an administrator can take on policies, security questions, delegated administration, users, user groups, and reports.
If the scope of the role does not include the top-level security domain, the role cannot manage identity attribute definitions, password policies, lockout policies, self-service troubleshooting policies, security questions and Console display options.
Determines the authentication related tasks an administrator can perform. These tasks include management of RSA SecurID, user authentication attributes, authentication agents, trusted realms, RADIUS and on-demand authentication.
If the scope of the role does not include the top-level security domain, the role cannot manage RADIUS.
Determines the actions an administrator can take on provisioning requests.
The security domain that is associated with the administrative role. The new administrative role can only be managed by administrators whose scope includes the security domain that is associated with the role.