Permissions for Custom Roles
If you do not want to use existing roles, create a custom role and provide the required permissions as described in the table in this topic.
To create a custom role:
- Go to RSA managed system > Administration > Administrative Role > Manage Existing.
- Select Add Administrative Role Name.
- In Administrative scope, select Security Domain scope.
- Create a custom role.
Assign the following minimum permissions for a custom role:
| Operations | Permissions Category | Permission Name | Permission Scope | Notes |
| --- | --- | --- | --- | --- |
| Test Connection | Authentication Permission | Authentication Agents | View | Before an authentication agent can communicate with Authentication Manager, an agent record must exist in the Authentication Manager data store. |
| | General Permissions | Identity Attribute Definition | View | Data element and directory mappings for users and user groups. |
| | | Security Domains | View | A security domain defines an area of administrative responsibility. Administrators who can add security domains can create an administrative hierarchy within their scope. |
| Account Aggregation with Group, Role Group Aggregation | General Permissions | Manage User Group | View | With View permission, groups are aggregated. |
| | | Manage Users | View | With View permission, only accounts are aggregated. |
| Account Provisioning with Group Membership | General Permissions | Manage Users | Delete, Add, Edit, View | With all permissions, accounts can be created, and Enable/Disable/Unlock, Reset Password, Terminate Session, and the Users: User Attribute and Mobile Number attributes are also selected. |
| | | Users Groups: Assign Membership | Yes | With this permission, user group membership is assigned during account creation. |
| | | Users: User Attribute - Mobile Number | Modify | |
| Note | | | | |
| Group Provisioning | General Permissions | Manage User Group | Delete, Add, Edit, View | Groups can be created, added, or deleted. |
| Token Assignment | Authentication Permission | SecurID Tokens | Delete, Add, Edit, View | Select the permissions you want to grant to administrators to manage SecurID tokens. Along with these, Enable/Disable Tokens, Manage Token Offline Emergency Access, Manage Token Online Emergency Access, RSA SecurID PINs, and Resynchronize Tokens are also selected. |
| | | SecurID Tokens: Assign Token | Yes | With this permission, tokens can be assigned. |
| | | SecurID Tokens: Replace Tokens | Yes | With this permission, tokens can be replaced. |
| Token Aggregation | Authentication Permission | SecurID Tokens | View | With View permission, only tokens are aggregated. |