Defining RBS Roles

RBS roles specify the tasks that users are authorized to perform. Defining an RBS role includes creating an rbsRole object and specifying the tasks that the role can perform and the User, Group, or container objects that can perform those tasks. In some cases, Novell iManager plug-ins (product packages) might provide a few predefined RBS roles that you can modify.

The tasks that RBS roles can perform are exposed as rbsTask objects in your eDirectory tree. These objects are added automatically during the installation of product packages. They are organized into one or more rbsModules, which are containers that correspond to the different functional modules of the product.

For information on assigning members to a role, see Assigning RBS Role Membership and Scope .


Creating an rbsRole Object

  1. Verify that you are logged in as the owner of the rbsCollection you are creating this role in.

  2. Click the Configure button Configure button.

  3. Specify Role Configuration > Create iManager Role.

  4. Enter a name for the role in the Role Name field.

  5. Specify an rbsCollection to hold the object in the Collection field.

    rbsRoles can be created only in an rbsCollection container.

  6. (Optional) Enter a description for the role in the Description field.

  7. Click Next.

  8. Specify the tasks you want assigned to this role, then click Next.

  9. Specify the name and context of the object (a User, Group, or container object) you want this role to be associated with, then click Add.

    You can add as many users, groups, or containers as you want.

  10. Add members.

  11. Define the scope (i.e., areas of the tree where the role can be performed).

    You can assign multiple objects to the same scope, or you can assign individual scopes for each object.

    Uncheck the Inheritable check box if you want this role to be performed only in this context. If this box is checked, anyone who is a member of this role will be able to execute tasks in this container and its sub-containers.

  12. Click Add.

  13. Repeat Step 10 and Step 11 for each object you added in Step 9.

  14. Click Next > Finish.

See Assigning RBS Role Membership and Scope for information on adding members to roles.


Modifying the Tasks That rbsRole Objects Can Perform

Each RBS role has a set of available tasks associated with it. You can choose which tasks are assigned to a particular role, adding or removing tasks as necessary.

  1. Click the Configure button Configure button.

  2. Click Role Configuration > Modify iManager Roles.

  3. Click the Modify Tasks button in the role you want to modify.

  4. Add or remove tasks from the Assigned Task list.

  5. Click OK.


Deleting a Pre-defined Role

If a predefined Role such as eDirectory Administration, Group Management, etc. is deleted using the Delete Role task, and then recreated by re-installing the iManager plug-in using the Install plug-in task, the Role is recreated but no tasks are assigned to the Role. The Role should be recreated with all of the default tasks assigned to the Role.