Creating and modifying roles

In version 5.1.0.12 or later, as a platform administrator, create roles in the User Management view. You can map multiple user groups to the role so that all the users in these groups have access to the same features as the role.

Before you begin

• To define and manage roles, your system must be configured to work with a Lightweight Directory Access Protocol (LDAP) user registry. You must also define a roles organizational unit in your LDAP user registry and configure the LdapRoleFilter system property. For more information, see Configuring an LDAP user registry and Configuring LDAP support for roles.
• If your LDAP server is IBM Security Directory Server, you must also configure an appropriate size for the group members cache. For more information, see Configuring cache size for user groups and roles.

About this task

Create a role and map one or more user groups to the role.

1. From the Administration or Solution Administration navigation menu, click Platform Administration > User Management.
2. Click Manage Roles. The existing roles are displayed. To filter the list of roles, enter a full or partial role name in the filter.

Creating a role

3. Click Create. The Create a Role window opens.
4. Enter a unique name for the new role in the Role name field. After the role is created, the name cannot be changed.
5. Click Save.

Mapping user groups to the role

6. Click User Groups in the entry for the role in the table.
7. To map user groups to the role, select one or more user groups in the Available groups list and click the arrow button to move them to the Assigned groups list. To filter the list of groups in either list, enter a full or partial group name in the filter for that list.
8. To remove user groups from the role, select one or more user groups in the Assigned groups list and click the arrow button to move them to the Available groups list.
9. Click Save.