AnsweredAssumed Answered

How to create an Administrative Role to delegate Radius clients administration for a sub-domain ?

Question asked by David Pala on Dec 5, 2019
Latest reply on Dec 27, 2019 by David Pala

Hi Folks !

 

When trying to create a dedicated “Administrative Role” for “Radius Clients” administration delegation for a sub-domain, I cannot success in creating such a role. Please find below why.

 

With this administrative scope chosen :

 

The “Manage Radius” configuration tick boxes are not present, thus you cannot affect permissions for the role on Radius clients.

When trying to create a Radius Client, with the user with the configured role affected, you even don’t have the “Add New” button in the top menu :

 

When adding a the tick on the top “SystemDomain” to the created Administrative Role:

 

Now, the “Manage Radius” configuration tick boxes are present, thus you can affect permissions for the role on Radius clients :

 

Now you have the “Add new” button in the top menu :

 

And the user with the Administrative Role can create the Radius client :

 

Next, proceed to the Associated RSA Agent creation :

 

And now comes the issue...

The user has just created a Radius Client & an associated RSA Agent, but not in its sub-domain, they were both created at top-level (SystemDomain).

 

In my precise config, as the user only has a delegation for RSA Agent Administration on his sub-domain, he won't be able to create the associated RSA Agent for the Radius client he just created. This sounds like non-sense to me...

 

I really need to get a clear explanation on this point, because I don't want to have my sub-domain administrators being able to modify the Radius Clients that should be hold in a different Security Domain, and managed by another sub-domain admins. Plus, I need them to be able to create the associated RSA Agent linked to the Radius clients, both in their affected sub-domain.

 

How can I proceed to have this achieved like it should be, ie ordered and managed in their own Security Sub-Domain ?

 

Thanks in advance for your clues and/or answers !     :-)

 

Kind Regards,

David

Outcomes