Delegate administrative tasks on the parent zone

The next step in configuring the top-level parent zone is to delegate administrative authority to the Zone Administrators group and to delegate specific permissions to the service account for the Zone Provisioning Agent to enable automated provisioning of user and group profiles in the parent zone.

To delegate administrative tasks on the top-level parent zone:

  1. Start Access Manager.
  2. In the console tree, expand the Zones node.
  3. Select the top-level parent zone, right-click, then click Delegate Zone Control.
  4. Click Add.
  5. Change the Find list from User to Group, type z, then click Find Now.
  6. Select Zone Administrators in the results, then click OK.
  7. Click Next.
  8. Select All to enable members of the Zone Administrators group to perform all administrative tasks on the top-level parent zone, then click Next.
  9. Review your selections, then click Finish.
  10. Right-click, then click Delegate Zone Control.
  11. Click Add.
  12. Type all or part of the service account name for the Zone Provisioning Agent that you created in About Zone Provisioning Agent and its requirements, click Find Now, then select the service account in the results and click OK.
  13. Click Next.
  14. Select the following delegation rights for the Zone Provisioning Agent service account, then click Next:

    • Change zone properties
    • Add users
    • Add groups
    • Remove users
    • Remove groups
  15. Review your selections, then click Finish to save the changes and close the dialog.