Creating a role definition that allows local users

Most role definitions are only applicable to Active Directory users and groups. In some cases, however, you might want to create a role definition that can be assigned to local users. For example, you might want to assign local users to a role that grants rescue rights to ensure a specific local account can log on if an Active Directory user is not available.

However, role definitions that allow local users to be assigned cannot include PAM access rights or SSH rights, and therefore do not include any of the UNIX system rights. You can use these role definitions to assign specific command rights to both local users and Active Directory users. You can also set the audit level for role definitions that allow local users to be assigned.

If you select the option to allow local users, you can specify the local accounts when you assign the role: click Add Local Account, then type the names of the local UNIX or Windows accounts to assign to the role. The Add Local Account option is not displayed when you assign a role definition that does not allow local accounts.