Assigning users and groups to a role

You can assign a role to an Active Directory user or to an Active Directory group. You can assign a role that is defined in the current zone or in a parent zone. You can also specify optional start and end times for the role assignment.

To assign users and groups to a role in a zone:

  1. Open the Access Manager console.
  2. Expand Zones and the parent zone or child zones until you see the zone where you want to make role assignments.
  3. Expand Authorization.
  4. Select Role Assignments, right-click, then click Assign Role.
  5. Select the role definition from the list of roles, then click OK.

    By default, the role is set to start immediately and never expire. You can set a Start time, End time, or both start and end times for the role assignment. For example, if the role applies to a contractor who will be hired for a specific amount of time and you want to automatically disable the role after they finish the job and leave the organization, you can specify the start and end times when you assign the role.

  6. Select whether the role assignment applies to all Active Directory accounts, all local accounts, or specific Active Directory and local accounts.

    To assign the role to specific accounts, click Add AD Account to search for and select the Active Directory groups or users to assign to the role, then click OK.