Role - General
The General panel lets you provide a name and description for the role, choose an object permissions template, and assign system authorizations, command authorizations, and authorization profiles to the role.
You can grant varying levels of system authorizations to a role. For example, Server.* authorizes a user to perform all possible actions relating to servers. AuditJob.* authorizes a user to perform all possible actions relating to Audit Jobs. You can also choose to authorize more specific classes of actions. For example, AuditJob.Read lets a user view Audit Jobs. For a full listing of all possible system authorizations, see System authorizations.
Similarly, you can grant authorizations to perform specific Network Shell and nexec commands. If you do not authorize specific commands, a role faces no restrictions when using commands. In other words, a user who assumes that role can perform any command. If you do assign commands to a role, users who assume that role are restricted to those commands.
In addition to granting individual authorizations for system authorizations and commands, you can assign one or more authorization profiles to a role. An authorization profile is a collection of system and command authorizations. For more information about creating authorization profiles, see Creating an authorization profile.
If you change authorizations for a role while a user is active, the console may give the appearance of that user being incorrectly authorized or not authorized for certain actions. The console does not correctly display all changed user options until the user exits and logs on again. Although the console may give the appearance of incorrectly displaying some options, the correct authorizations are always in effect at the Application Server. Thus the user can never perform an action for which he or she is not authorized.
Try to avoid the inclusion of space characters in role names. If you must include a space character in the role name, associate a Windows automation principal with this role through the Agent ACL panel of this wizard. Using an automation principal for Windows user mapping ensures that this role will be able to access target Windows servers.
Optional descriptive text.
Object Permissions Template
Available Authorizations >
Profiles/ System / Commands
Under Available Authorizations, do any of the following:
Use Shift-click or Control-click to select multiple items. Click the right arrow to move your selections to the Selected Authorizations list.