Security Roles

Security roles are used to grant access to data (groups, queries, reports, etc.) and to grant access to applications (Group Builder, Query-Report Builder, Policy Builder, CAS, Security Assessments, etc.).

By default, when a component is initially defined, only the owner (the person who defined it) and the admin user (who has special privileges) are allowed to access and modify that component.

You can allow other users to access the components you define by assigning security roles. For example, if you assign a security role named DBA to an audit process, all users assigned the DBA role will be able to access that audit process.

Note: To configure LDAP user import, the accessmgr user must have the privilege to run the Group Builder. In certain situations, when changes are made to role privileges, accessmgr's privilege to run the Group Builder can be taken away. When that happens, LDAP user import cannot be saved or run successfully. To check this, go to the access management portal and select Role Permissions. Choose the Group Builder application and make sure that there is a checkmark in the all roles box or in the accessmgr box.

Assign Security Roles

  1. Open or select the item to which you want to assign one or more security roles (a policy or report definition, for example).
  2. Click Roles.
  3. In the Assign Security Roles list, check all of the roles you want to assign. You can only assign roles that are assigned to your account.
  4. Click Apply.

Define a New Security Role

By default, only the special accessmgr user is allowed to create or remove security roles.

  1. Log in as accessmgr and open the User Role Browser by clicking Access > Access Management > User Role Browser.
  2. At the end of the role browser, click Add Role.
  3. In the Role Form panel, enter a new Role Name and click Add Role.

Remove a Security Role

By default, only the special accessmgr user is allowed to create or remove security roles. To remove a role assigned to a component, see Assign security roles to a component.

  1. Log in as accessmgr and open the User Role Browser by clicking Access > Access Management > User Role Browser.
  2. Click Delete for the role you want to remove, and then click Confirm Deletion.