6.3 Enabling Role-Based Access Control

Role-based access control is used to provide a convenient way assign a user to a particular job function or set of permissions within an enterprise, in order to control access. In Access Manager, you assign users to roles, based on attributes of their identity, and then associate authorization policies to the role.

For a complete discussion on creating and configuring role policies, see Section 27.0, Creating Role Policies, in Section VI, Policy Management.

In order for a role to be assigned to users at authentication, you must enable it for the Identity Server configuration.

  1. In the Administration Console, click Access Manager > Identity Servers > Servers > Edit > Roles.

  2. Click the role policy’s check box, then click Enable.

  3. To disable the role policy, click the role policy’s check box, then click Disable.

  4. After enabling or disabling role policies, update the Identity Server configuration on the Servers tab.