Hi Folks !
When trying to create a dedicated “Administrative Role” for “Radius Clients” administration delegation for a sub-domain, I cannot success in creating such a role. Please find below why.
With this administrative scope chosen :
The “Manage Radius” configuration tick boxes are not present, thus you cannot affect permissions for the role on Radius clients.
When trying to create a Radius Client, with the user with the configured role affected, you even don’t have the “Add New” button in the top menu :
When adding a the tick on the top “SystemDomain” to the created Administrative Role:
Now, the “Manage Radius” configuration tick boxes are present, thus you can affect permissions for the role on Radius clients :
Now you have the “Add new” button in the top menu :
And the user with the Administrative Role can create the Radius client :
Next, proceed to the Associated RSA Agent creation :
And now comes the issue...
The user has just created a Radius Client & an associated RSA Agent, but not in its sub-domain, they were both created at top-level (SystemDomain).
In my precise config, as the user only has a delegation for RSA Agent Administration on his sub-domain, he won't be able to create the associated RSA Agent for the Radius client he just created. This sounds like non-sense to me...
I really need to get a clear explanation on this point, because I don't want to have my sub-domain administrators being able to modify the Radius Clients that should be hold in a different Security Domain, and managed by another sub-domain admins. Plus, I need them to be able to create the associated RSA Agent linked to the Radius clients, both in their affected sub-domain.
How can I proceed to have this achieved like it should be, ie ordered and managed in their own Security Sub-Domain ?
Thanks in advance for your clues and/or answers ! :-)