Creating a device group
Depending on your organization requirements, you can create a device group to manage a subset of devices that have a restricted business use, such as LTO tape drives used by a single division. You must also create a role with a name that matches the name of the device group, including case. Name matching is case-sensitive.
About this task
This task uses the SKLMAdmin user ID and the IBM® Security Guardium® Key Lifecycle Manager interface to create an extra device group.
- The
securityOfficer
role - Permission to the administrative actions (klmAdminDeviceGroup)
If you have the klmAdminDeviceGroup permission, you can create, view, and delete a device group. It is not required that you first define a role for the device group. However, your other actions are limited by the permissions that you have. For example, if you have only klmAdminDeviceGroup permission, you cannot update the attributes after you create the device group.
Procedure
What to do next
Create a role with a name that matches the device group.