Permissions for Custom Roles

If you do not want to use existing roles, create a custom role and provide the required permissions as described in the table in this topic.

To create a custom role:

  1. Go to RSA managed system > Administration > Administrative Role > Manage Existing.

  2. Select Add Administrative Role Name.

  3. In Administrative scope, select Security Domain scope.

  4. Create a custom role.

Assign the following minimum permissions for a custom role:

| Operations | Permissions Category | Permission Name | Permission Scope | Notes |
|---|---|---|---|---|
| Test Connection | Authentication Permission | Authentication Agents | View | Before an authentication agent can communicate with Authentication Manager, an agent record must exist in the Authentication Manager data store. |
| Test Connection | General Permissions | Identity Attribute Definition | View | Data element and directory mappings for user and user group. |
| Test Connection | General Permissions | Security Domains | View | A security domain defines an area of administrative responsibility. An administrator who can add security domains can create an administrative hierarchy within their scope. |
| Account Aggregation with Group, Role; Group Aggregation | General Permissions | Manage User Group | View | With VIEW permission, groups would be aggregated. |
| Account Aggregation with Group, Role; Group Aggregation | General Permissions | Manage Users | View | With VIEW permission, only accounts would be aggregated. |
| Account Provisioning with Group Membership | General Permissions | Manage Users | Delete, Add, Edit, View | With all permissions, the account would be created, and Enable/Disable/Unlock, Reset Password, Terminate session, and the Users: User Attribute and Mobile Number attributes would be selected. |
| Account Provisioning with Group Membership | General Permissions | Users Groups: Assign Membership | Yes | With this permission, user group membership is assigned during account creation. |
| Account Provisioning with Group Membership | General Permissions | Users: User Attribute - Mobile Number | Modify | |
| Group Provisioning | General Permissions | Manage User Group | Delete, Add, Edit, View | Groups can be Created/Added/Deleted. |
| Token Assignment | Authentication Permission | SecurID Tokens | Delete, Add, Edit, View | Select the permissions you want to grant to administrators to manage SecurID tokens. Along with this, Enable/Disable Tokens, Manage Token Offline Emergency Access, Manage Token Online Emergency Access, RSA SecurID PINs, and Resynchronize Tokens would be selected. |
| Token Assignment | Authentication Permission | SecurID Tokens: Assign Token | Yes | With this permission, the token would be assigned. |
| Token Assignment | Authentication Permission | SecurID Tokens: Replace Tokens | Yes | With this permission, the token would be replaced. |
| Token Aggregation | Authentication Permission | SecurID Tokens | View | With View permission, only tokens would be aggregated. |

Note: For the Account - Role assignment operation, the Application User requires 'SuperAdmin Role' privileges.
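A least-privilege check built from the table above, as an added example (not part of the product or the original documentation): it computes the minimum scopes for the operations a connector will actually run and reports what a role is missing or grants beyond that. The role contents are constructed sample data, and the dictionary layout is an assumption for illustration, not an RSA export format.

```python
# Added example: minimum scopes per operation, transcribed from the table above.
CRUD = frozenset({"Delete", "Add", "Edit", "View"})
REQUIRED = {
    "Test Connection": {
        "Authentication Agents": {"View"},
        "Identity Attribute Definition": {"View"},
        "Security Domains": {"View"},
    },
    "Account Aggregation with Group, Role": {
        "Manage User Group": {"View"}, "Manage Users": {"View"}},
    "Account Provisioning with Group Membership": {
        "Manage Users": CRUD,
        "Users Groups: Assign Membership": {"Yes"},
        "Users: User Attribute - Mobile Number": {"Modify"},
    },
    "Group Provisioning": {"Manage User Group": CRUD},
    "Token Assignment": {
        "SecurID Tokens": CRUD,
        "SecurID Tokens: Assign Token": {"Yes"},
        "SecurID Tokens: Replace Tokens": {"Yes"},
    },
    "Token Aggregation": {"SecurID Tokens": {"View"}},
}

def minimum_for(operations):
    """Union of the scopes needed by every operation the connector will run."""
    need = {}
    for op in operations:
        for perm, scopes in REQUIRED[op].items():
            need.setdefault(perm, set()).update(scopes)
    return need

def audit(granted, operations):
    """Return (missing, excess) scopes of a role relative to that minimum."""
    need = minimum_for(operations)
    missing = {p: s - granted.get(p, set()) for p, s in need.items()}
    excess = {p: s - need.get(p, set()) for p, s in granted.items()}
    return ({p: s for p, s in missing.items() if s},
            {p: s for p, s in excess.items() if s})

# Constructed sample: a role meant only for connection test and aggregation.
READ_ONLY_OPS = ["Test Connection", "Account Aggregation with Group, Role",
                 "Token Aggregation"]
sample_role = {
    "Authentication Agents": {"View"}, "Identity Attribute Definition": {"View"},
    "Manage User Group": {"View"}, "SecurID Tokens": {"View"},
    "Manage Users": {"Delete", "Add", "Edit", "View"},  # broader than needed
}
missing, excess = audit(sample_role, READ_ONLY_OPS)
```

For the sample role, `missing` reports the absent Security Domains View scope and `excess` reports the Delete, Add and Edit scopes on Manage Users that an aggregation-only role does not need.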