Add a Group to a Delegated Administration Role

When you add a group to a role, you grant the users in that group—and users in any sub-groups beneath that group—access to all of the administrative rights attributed to that role.

To add a group to a Delegated Administration role:

  1. In the Delegated Administration resource tree, create a new role or select the role to which you want to add a group.
  2. Select the Add Groups to Role tab.
  3. In the "Add Groups from" field, select the authentication provider that contains the group you want to add.
  4. Select the group you want to add by clicking the arrow to the right of the group name. The selected group appears in a list to the right. Repeat these steps to select more groups. (If you do not see a list of groups, see the Notes below.)
    To remove a group from the list of groups to add, select the check box next to it and click Remove from List.
  5. Click Add Group(s) to Role.
  6. Confirm that the groups have been successfully added to the role by selecting the Role Properties tab.
  7. You can further define a role by adding users and expressions to the role.

Notes: If a list of groups is not displayed, make sure you have built a group hierarchy tree for the authentication provider. If after that you still do not see a list of groups, the authentication provider probably does not allow read access (see View Security Provider Properties to find out). However, you can activate a text field for group name entry for authentication providers that do not allow read access.

If you are using an RDBMS authentication provider, be aware of case sensitivity when looking up groups. For example, group "Managers" is different than group "managers."

Related Help Topics: