Assign Delegated Administration to Security Providers
You can determine which administrative users can view
the properties of any authentication provider or role mapper by assigning one
or more Delegated
Administration roles to a provider.
Assigning Delegated Administration to a Security Provider
- In the Security Providers tool, select the authentication provider or role
mapper for which you want to set up Delegated Administration.
To set Delegated Administration on all authentication providers or role mappers,
select the Authentication Providers node or Role Mappers node.
- Select the Edit Delegated Admin tab.
- In the Delegated Administration Roles drop-down list, select a role and
click Add Role.
- In the Capabilities field, select the "Can Use" option.
Selecting this option automatically creates a security policy for the Delegated
Administration role behind the scenes. This means that if you use the role
to delegate administration on a group in the Users & Groups tool, the
administrative users in that role will be able to manage that group and its
users.
- Repeat the previous two steps to add more roles.
- Click Save in the Capabilities column.
Removing Delegated Administration from a Security Provider
You can remove any of the Delegated Administration roles you have previously
assigned to an authentication provider or role mapper. Removing roles does not
delete them from the system. Administrative users that belong to those roles
will no longer be able to view those security provider properties.
- In the Security Providers tool, select the authentication provider or role
mapper for which you want to remove Delegated Administration.
You can also select the Authentication Providers node or Role Mappers node
if you set Delegated Administration at that level.
- Select the Edit Delegated Admin tab.
- In the Delegated Administration Roles list, select the role(s) you want
to remove.
- Click Remove Selected Roles.
Related Help Topics: