Adding a Role (BUI)

A role is a collection of authorizations that can be assigned to a user. Use this procedure to define a new role. Also see the alternative method at the end of this task, which is ideal for cloning a local role as a directory role or for cloning a system-delivered role to a local or directory role.

Note:

System roles are intended as sample roles delivered with the product. To adapt a system role for site-specific use, clone it and modify the cloned role rather than creating changes directly to the system role.

1. From the Configuration menu, select Users.
2. Click the add icon next to Roles.

   See also "Alternative Method" following this procedure.

3. In the Add Role dialog box, set the role type, name of the role, and provide a description. For local and directory roles, the first character of the name cannot be $. This character is reserved for system-delivered roles. Role types:

   • Local - Role applies to this appliance only.

   • Directory - Role applies to one of two directory group types and allows logging in as an administrator:

     • LDAP - Role applies to same-named, existing LDAP directory group. For Name, enter the exact same name for the LDAP directory group as configured on the LDAP server. Members of the same-named UNIX group are assigned this role and can log in as an administrator.

     • Active Directory - Role applies to same-named, existing Active Directory (AD) group. For Name, enter the exact same name in the format name@domain as configured for the AD group members on the AD server. Valid members of the same-named AD group are assigned this role and can log in as an administrator.

   • System roles - roles are system-delivered and are not created by using the Add Role dialog box. System roles are immutable and can only be assigned or cloned.
4. In the Authorizations section, add authorizations for this role.

   See "Scopes, Filters, and Authorizations Available for Users and Roles" in User Authorizations.

   Iterate the following steps until you have added all of the authorizations that you want this role to have:

   1. Select a Scope.

      Any filters that are available for this scope appear below the Scope selector.

   2. Specify filters for the scope as necessary.
   3. Click the check box for each authorization to add.
   4. Click ADD in the Authorizations section.

      The authorizations are listed at the bottom of the Authorizations section.

5. Click ADD at the top of the dialog box.

   The new role appears in the Roles list.

Alternative Method

To create a new role with the same authorizations as an existing role, hover over the entry for the existing role and click the clone icon . Provide a role name, select Local or Directory, and click ADD at the top of the Clone Role dialog box. The new role type can be different from the existing type. For example, a local role can be cloned to a directory role. A system role can also be cloned to a local or directory role. System roles themselves cannot be modified or deleted.

Related Topics

• Understanding Users and Roles

• User Authorizations

• Managing User Properties