In the Organization Manager tree view, select an organization, and highlight Roles. The roles that belong to this organization display in the right pane.
Editing a role’s properties
1. In the right pane, highlight the role, right-click, and select Edit Role.
2. In the Edit Role dialog box, edit any of these fields, then click OK:
   Role Name – the name of the role. To enable Enterprise Security to map roles automatically to Enterprise Portal roles, the role name must be unique throughout the security system. For more information, see “Implicit role mapping”.
   Role DN – the distinguished name of the role.
   If you change a role’s DN, and a role mapping exists for this role in the security.properties file, update the mapping to use the new DN.
   Description – a description of the role.
Moving a role between organizations
1. In the right pane, highlight a role, right-click, and select Change Organization. The Change Role Organization dialog box displays.
2. In the To New Organization dialog box, highlight the organization to which you want to move the role, and click OK.
Managing a role’s access permissions
To enable users to access secured assets, assign permissions to roles, and grant these roles to users or groups. To manage permissions for a role:
1. In the right pane, highlight the role you want to edit, right-click, and select Manage Access Permissions. The Manage Role Access Permission dialog box displays.
   The Access Permissions Granted for the Role list at the bottom of the window displays the assets that this role can access, and which permissions it has.
2. In the left list box, select the organization. The assets that belong to this organization display in the adjacent list box.
3. To assign permissions, highlight an asset, then select the permission you want to add in the Available Permissions list, and click Add. The permission displays as an Assigned Permission. To add all permissions, select Add All.
   If you assign READ permission, assign LIST permission also so that users with READ permission can list the object using the Queries bean.
   Repeat this step for each asset that you want this role to have permission to access.
4. To assign permissions to assets in other organizations, repeat steps 2 and 3.
5. To remove a permission, highlight an asset, then select the permission you want to remove in the Assigned Permissions list, and click Remove.
6. To save your changes, click OK.
To manage access to the controlling assets, see “Managing permissions to access controlling assets”.
Managing roles for users
1. In the Organization Manager tree view, select an organization, and highlight Roles.
2. In the right pane, highlight the role name, right-click, and select Manage User Roles. The Manage User Roles dialog box displays.
3. In the left list box, select the organization. The users that belong to this organization display in the adjacent list box.
4. To grant the role to a user, highlight the user name, and click Add. The user name displays in the Grant Role To list box. The name of the organization to which each user belongs also displays, in parentheses.
   The Inherited By list box displays the roles this user inherits via his or her group memberships.
   Repeat this step for each user to whom you want to grant the role.
5. To grant the role to users in other organizations, repeat steps 3 and 4.
6. To revoke the role from a user, highlight the user name in the Grant Role To list box, and click Remove.
7. To save your changes, click OK.
Managing roles for groups
1. In the right pane, highlight the role you want to edit, right-click, and select Manage Group Roles. The Manage Group Roles dialog box displays.
2. In the left list box, select an organization. The groups defined in this organization display in the center list box.
3. To grant the role to a group, select the group in the center list box, and click Add. The role displays in the Grant Role To list box. The name of the organization to which each group belongs also displays, in parentheses.
4. To grant the role to a group that is defined in another organization, repeat steps 2 and 3.
5. To revoke the role from a group, select the group in the Grant Role To list box, and click Remove.
6. Click OK.