You should associate Centrify role definitions with Active Directory security groups so that you can manage them using the processes and procedures you have for managing Active Directory group membership. For example, create an Active Directory group named sanfrancisco_role_rootequivalent. You can then assign the new role definition to that group.
To assign the role definition to an Active Directory group:
- Open Access Manager.
- Expand Zones and the individual parent or child zones required to select the zone name where you want to assign the role definition.
- Expand Authorization.
- Select Role Assignments, right-click, then click Assign Role.
- Select the role definition you created for root-level access, such as root_equivalent, then click OK.
Click Add AD Account to search for and select the Active Directory security group you created for the role.
- Select Group as the object to find.
- Optionally, type all or part of the group name.
- Click Find Now,
Select the group you created for the role in the results, then click OK.
- Click OK to complete the assignment.