Use the Policies tab in the New User Role dialog box to specify the
permitted operations you want to associate with the policies and
packages containing categories assigned to this role. A category is
set in the policy editor for each particular policy type. Operators
you assign to this role can view specified policies and perform
permitted operations on them, such as configuring or modifying the
policies.

A default policy category is assigned to each role and cannot be
removed from the list of policy categories in the Policies tab. This
default group allows you to grant permission to perform
administrative tasks on policies that do not contain any of the
categories assigned to this user role. Default rights apply unless
different rights have been assigned to a particular object.

You can also assign general administrative rights to a user role.
These are independent of policy categories. Think of these as global
rights that you can set for a particular user role.

You can use these permissions to provide levels of security by
assigning different rights to different operators so that powerful
features are not controlled by one user.

To configure policies for user roles

1. Open the User Roles dialog box if it is not already open.
   - Select a node, service, or tool in the console tree.
   - Click on the Configuration toolbar to open the User Role
     Configuration Editor and display the User Roles dialog box, or
     right-click to open the shortcut menu and select
     Configure > User Roles.
2. Click New to open the New User Role dialog box. The General tab
   displays by default.
3. Select the Policies tab.
4. Type or select the name of the policy category you are assigning
   to this user role in the Enter Category box.
5. Click Add to add the policy category to the Categories assigned
   to this Role box.
6. To set permissions for this policy category, select the policy
   category name. The Remove and Permissions buttons become
   available.
7. Click Permissions to open the Policy Permissions for Category
   dialog box. The title of the dialog box reflects the name of the
   policy category you selected.
8. Specify the permissions you want to associate with this policy
   category and click OK to confirm your choices, close the Policy
   Permissions for Category dialog box, and return to the Policies
   tab in the New User Role dialog box.
   Available categories are indicated by abbreviations across the
   top of the Categories assigned to this Role box. The permissions
   you associated with this policy category are indicated by Xs
   beneath the abbreviations.
9. Specify any general administrative rights you want to assign to
   this user role:
   - View Policy Management: You must select this check box in
     order for operators to be able to view the policy management
     selections in the scope pane. Unless you set this check box,
     operators will see nothing relating to policy management in the
     console.
   - Administer Policies and Packages: The operator can configure
     the Policy Management server. This includes operations such as
     add/remove packages/policy types, deployment of packages and
     instrumentation, reinstall all, and uninstall all.
   - Ignore Policy Owner: The operator can deploy policies even if a
     version of these policies has already been deployed by another
     management server.
   - Policy Group Handling: The operator can create, rename, delete,
     copy, and move policy groups. The operator can also assign and
     unassign policies to and from groups.
   - Job Handling: The operator can start and suspend deployment
     jobs.
10. Click Apply to apply your changes.
11. Select the Users tab to continue configuring this user role.