The General panel lets you provide a name and description for the role, choose an object permissions template, and assign system authorizations, command authorizations, and authorization profiles to the role.
You can grant varying levels of system authorizations to a role. For example, Server.* authorizes a user to perform all possible actions relating to servers. AuditJob.* authorizes a user to perform all possible actions relating to Audit Jobs. You can also choose to authorize more specific classes of actions. For example, AuditJob.Read lets a user view Audit Jobs. For a full listing of all possible system authorizations, see System authorizations.
Similarly, you can grant authorizations to perform specific Network Shell and nexec commands. If you do not authorize specific commands, a role faces no restrictions when using commands. In other words, a user who assumes that role can perform any command. If you do assign commands to a role, users who assume that role are restricted to those commands.
In addition to granting individual authorizations for system authorizations and commands, you can assign one or more authorization profiles to a role. An authorization profile is a collection of system and command authorizations. For more information about creating authorization profiles, see Creating an authorization profile.
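The authorization semantics described above, modelled as an added example for reviewing role definitions (it is not product code or a product export format). The role and profile dictionaries, the role names, the `ls`/`cat` commands and the `Server.Example` action are constructed, and treating commands granted through a profile as assigned commands is an assumption.

```python
# Constructed sample data; the layout is hypothetical, not a product export format.
PROFILES = {
    "AuditViewer": {"system": ["AuditJob.Read"], "commands": ["ls", "cat"]},
}
ROLES = {
    "ServerAdmins": {"system": ["Server.*"], "commands": [], "profiles": []},
    "AuditOps": {"system": ["AuditJob.*"], "commands": ["ls"], "profiles": []},
    "Viewers": {"system": [], "commands": [], "profiles": ["AuditViewer"]},
}


def effective(role):
    """Union of a role's direct authorizations and those of its profiles."""
    system, commands = set(role["system"]), set(role["commands"])
    for name in role["profiles"]:
        system |= set(PROFILES[name]["system"])
        # Assumption: commands granted through a profile count as assigned commands.
        commands |= set(PROFILES[name]["commands"])
    return system, commands


def system_allowed(role, action):
    """True if a granted authorization covers the action (Server.* covers Server.<any>)."""
    system, _ = effective(role)
    for grant in system:
        if grant == action or (grant.endswith(".*") and action.startswith(grant[:-1])):
            return True
    return False


def command_allowed(role, command):
    """No assigned commands means no restriction; otherwise only listed commands pass."""
    _, commands = effective(role)
    return not commands or command in commands


def review(roles):
    """List roles that are broader than a least-privilege review would expect."""
    findings = []
    for name in sorted(roles):
        system, commands = effective(roles[name])
        if not commands:
            findings.append((name, "unrestricted commands"))
        findings += [(name, "wildcard " + g) for g in sorted(system) if g.endswith(".*")]
    return findings


if __name__ == "__main__":
    for role_name, issue in review(ROLES):
        print(f"{role_name}: {issue}")
```

The review flags a role with an empty command list because, per the text above, that role can run any command.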
Note
If you change authorizations for a role while a user is active, the console may give the appearance of that user being incorrectly authorized or not authorized for certain actions. The console does not correctly display all changed user options until the user exits and logs on again. Although the console may give the appearance of incorrectly displaying some options, the correct authorizations are always in effect at the Application Server. Thus the user can never perform an action for which he or she is not authorized.
Field definitions
Field | Description |
---|---|
Name | Identifying name. Note: Try to avoid the inclusion of space characters in role names. If you must include a space character in the role name, associate a Windows automation principal with this role through the Agent ACL panel of this wizard. Using an automation principal for Windows user mapping ensures that this role will be able to access target Windows servers. |
Description | Optional descriptive text. |
Object Permissions Template | Click Browse to select an access control list (ACL) template to use to define permissions that are automatically granted to objects created by this role. |
System Commands | Under Available Authorizations, do any of the following: |