How to create an Administrative Role to delegate Radius clients administration for a sub-domain ?

Hi Folks !

When trying to create a dedicated “Administrative Role” for “Radius Clients” administration delegation for a sub-domain, I cannot success in creating such a role. Please find below why.

With this administrative scope chosen :

The “Manage Radius” configuration tick boxes are not present, thus you cannot affect permissions for the role on Radius clients.

When trying to create a Radius Client, with the user with the configured role affected, you even don’t have the “Add New” button in the top menu :

When adding a the tick on the top “SystemDomain” to the created Administrative Role:

Now, the “Manage Radius” configuration tick boxes are present, thus you can affect permissions for the role on Radius clients :

Now you have the “Add new” button in the top menu :

And the user with the Administrative Role can create the Radius client :

Next, proceed to the Associated RSA Agent creation :

And now comes the issue...

The user has just created a Radius Client & an associated RSA Agent, but not in its sub-domain, they were both created at top-level (SystemDomain).

In my precise config, as the user only has a delegation for RSA Agent Administration on his sub-domain, he won't be able to create the associated RSA Agent for the Radius client he just created. This sounds like non-sense to me...

I really need to get a clear explanation on this point, because I don't want to have my sub-domain administrators being able to modify the Radius Clients that should be hold in a different Security Domain, and managed by another sub-domain admins. Plus, I need them to be able to create the associated RSA Agent linked to the Radius clients, both in their affected sub-domain.

How can I proceed to have this achieved like it should be, ie ordered and managed in their own Security Sub-Domain ?

Thanks in advance for your clues and/or answers !     :-)

Kind Regards,

David