Adding predefined rights to a zone

There are many predefined rights available that grant access to specific Windows applications. For example, there is a predefined Performance Monitor right that allows users to run Performance Monitor on a computer without being a local administrator or knowing an administrative password.

You can add any or all of these predefined rights to any zone so they are available to include in role definitions. Alternatively, you can add predefined rights to individual role definitions without adding them to zones. In either case, you create the predefined rights in the context of a role definition.

To create predefined rights in a zone:

  1. Open the Access Manager console.
  2. Expand Zones and the parent zone or child zones until you see the zone where you want to define a predefined right.
  3. Expand Authorization > Role Definitions.
  4. Select a role definition, right-click, then select Add Right.
  5. Select a type of right if you want to filter the list of rights displayed.

    For example, select Any Windows Rights or Any Windows Applications to list only Windows-specific rights.

  6. Click Create Predefined Rights.
  7. Select the specific predefined rights you want created in the zone you selected in Step 2 from the list of available rights, then click OK.

    By default, all of the selected predefined rights are added to the role definition in the zone. You can deselect any of the rights you don’t want added to the role definition.

  8. If you have selected at least one of the predefined rights as applicable for the role definition, click OK.

    If none of the predefined rights is applicable for the role definition, you can click Cancel to add the rights to the zone without adding them to the role definition.

You can click Refresh in Access Manager to see the predefined rights listed as Windows application rights.