Adding predefined rights to a zone

There are many predefined rights available that grant access to specific Windows applications. For example, there is a predefined Performance Monitor right that allows you to run Performance Monitor on a computer without being a local administrator or knowing an administrative password.

You can add any or all of these predefined rights to any zone so they are available to include in role definitions. Alternatively, you can add predefined rights to individual role definitions without adding them to zones. In either case, you create grant predefined rights in the context of a role definition.

To add predefined rights to a zone and the Windows Login role:

  1. On the Windows client computer, open the Access Manager console.
  2. Expand Zones and the parent zone or child zones until you see the zone (for example, Headquarters) where you want to add predefined rights.
  3. Expand Authorization > Role Definitions.
  4. Select the Windows Login role definition, right-click, then select Add Right.
  5. Select Any Windows Rights from the Type list to filter the list of rights displayed.
  6. Select the Headquarters zone from the list of zones, and then click Create Predefined Rights.

    The list of predefined rights that you can add to the Headquarters zone and to the Windows Login role is displayed. In the next steps, you will select which rights to add to the Headquarters zone. From the rights that you add to the Headquarters zone, you will select which, if any, to also add to the Windows Login role.

  7. From the list of predefined rights, select the rights that you want to add to the Headquarters zone and to the Windows Login role, and then click OK.

    By default, all of the predefined rights that you select will be added to the Headquarters zone and to the Windows Login role. In the next step, you will deselect rights so that they are added only to the zone and not to the role.

  8. Deselect predefined rights that you do not want to add to the Windows Login role.

    Rights that you deselect are added only to the Headquarters zone. Rights that you leave selected are added to both the Headquarters zone and the Windows Login role.

  9. Click OK to add the predefined rights to the zone, role, or both according to your selections in Step 8.

    If you deselected all available predefined rights, the OK button is not available to click. In this scenario, click Cancel to add the rights to the zone without adding them to the role definition.

    After you perform this step, the predefined rights that you deselected are not added to the Windows Login role, but are added to the Headquarters zone so that they can be added later to roles in the zone as needed.

You can click Refresh in Access Manager to see the predefined rights listed as Windows application rights.