1.2 Enabling Role-Based Access Control

Role-based access control provides a convenient way to assign a user to a particular job function or set of permissions within an enterprise in order to control access. In Access Manager, you assign users to roles based on attributes of their identity, and then associate authorization policies with the role.

For a complete discussion on creating and configuring role policies, see Creating Role Policies in the NetIQ Access Manager 3.1 SP5 Policy Guide.

For a role to be assigned to users at authentication, you must enable it for the Identity Server configuration.

  1. In the Administration Console, click Devices > Identity Servers > Servers > Edit > Roles.

  2. Click the role policy’s check box, then click Enable.

  3. To disable the role policy, click the role policy’s check box, then click Disable.

  4. To create a new role, click Manage Policies.

  5. After enabling or disabling role policies, update the Identity Server configuration on the Servers tab.