The next step in configuring the top-level parent zone is to link the Active Directory role groups created in Create groups for the default roles in the parent zone with the listed and UNIX Login role definitions that are predefined in the parent zone. You create this link between an Active Directory group name and the combination of rights associated with a role name by assigning the Active Directory group to the role.
- Start Access Manager.
- In the console tree, expand Zones, the top-level parent zone, and Authorization nodes.
- Select Role Assignments, right-click, then click Assign Role.
- Find the ZoneName_Role_Listed Active Directory group, then click OK.
- Click Browse.
- Select the listed role from the list of available roles, then click OK.
- Check that the Start immediately and Never expire options are selected and appropriate or deselect those options and set start and end times, then click OK.
- Repeat Step 3 through Step 7for the ZoneName_Role_Login Active Directory group and the UNIX Login role.