Roles and their Properties

Each account must have one role assigned to it. Roles contain a standard set of tasks that are allowed or disallowed according to the settings in the particular role.

If you change the properties for a particular role, the changes are reflected in all instances of the role that appear in Enterprise Manager. This is true regardless of whether the role has been assigned to any accounts.

For example, in the Acme company, a role named Phone Support is listed under the Roles item, and user accounts Edgar, Olivia, and Morgan each have the role Phone Support assigned.  The administrator selects the role Phone Support that is displayed under Edgar's user account, and changes the role properties. The next time Edgar, Olivia, or Morgan log on, their roles will all reflect the changes that were made. In addition, the role "Phone Support", when it is subsequently assigned to other users, also reflects the changes.  

Role Properties Dialog

To access this dialog, you must have permission to manage administrators and roles. Right-click the role name and select Properties. The Role Attributes dialog contains the following tabs:

Identity tab




The name of the role. Required


Optional description.


Configuration Tab

Properties on the Configuration tab give user accounts Open to Manage or Open to Browse permissions for those configurations that are associated with the account.

Conditions for Browse or Manage



Manage Configurations

Yes allows Open to Manage for all configurations that are assigned to the Account.

The administrator can perform all Enterprise Manager tasks for Configurations, Groups, Queries, Directories, Policy Plans, and Master Profiles.

Roles that have Open to Manage set to Yes also allow the administrator to Open to Browse.

Note: If a configuration is Open to Manage by one administrator, it cannot be opened to Manage or Browse by any other administrator.

You cannot Open to Manage a configuration that is Open to Browse or Open to Manage by another user.

Browse Configurations

Yes allows Open to Browse for all configurations that are assigned to the Account.

  • Groups object is visible; user can expand to view group names.

  • Group names can be expanded; user can run reports on the group.

  • Policies associated with the group are visible.

Administrator can run Global Reports from the Configuration level, and Reports from the Group or Policy level.

Administrator can get Policy and Job Agent status.

Administrator cannot evaluate the policy tree on command, or remove the policy.

Open to Browse (if Open to Manage = No) prevents access to any Enterprise Manager elements that are used in policy development and Enterprise Manager configuration.  Therefore the following items are not available:

  • Queries, Directories, Policy Plans, and Master Profiles are not visible.

  • Attribute dialogs are not available.

Note: Multiple administrators can have the same configuration Open to Browse.

You cannot Open to Browse a configuration that is Open to Manage by another user.


Security Tab



Manage Administrators and Roles

Yes allows Open to Manage for the Security item and its contents. Administrator can

  • View, edit attributes of, and create new roles and accounts

  • Assign roles and configurations to user accounts

Browse Administrators and Roles

Yes allows Open to Manage for the Security item.

  • Expand Roles item to view the list of role names.

  • Expand Accounts to view the account names and the role assigned to each. However, you cannot view the list of configurations that the account is allowed to manage.


Advanced Options Tab



Hide Disabled Menu Items

Yes displays only those menu items that the role allows the administrator to select.

No displays all menu items, with disabled items dimmed.

Suppress Confirmation

Yes does not display confirmation dialogs before tasks are executed.

(Implicit access to) All Configurations

Yes allows the entire list of configurations to display under the Configurations item when the administrator logs in to Enterprise Manager (regardless of the explicit configurations that are assigned to the Account Name under the Security item.)

Whether the account can select Open to Browse or Open to Manage for the configurations depends on the settings on the Configuration Tab.  

Warning: Even though a Yes gives the account access to all configurations, this setting does not cause the configurations to appear under the account in the interface. However, the allowed access for the account is the same as if you dragged the configurations to the account.

(Implicit Access to) All Permissions

Yes allows user to:

  • Display entire list of configurations, select any for Open to Manage, and perform all tasks

  • Open to Manage Administrators, and perform all tasks related to Roles and Accounts.

Warning: This setting overrides all other attribute settings that pertain to Configurations and Administrators. It gives the account to which the role is assigned permission to perform all tasks for all items in Enterprise Manager.