You can assign permission to other users, groups, and containers to work with specific container pages and shared pages. Two security levels of permission can be assigned:
When you assign users View permission for a container page or shared page, they can access the page and see it in a list of available pages.
Open a page on the Maintain Container Pages panel or the Maintain Shared Pages panel, then click the Assign Permissions page task (at the bottom of the panel).
The Page Permissions dialog displays in a new browser window:
Go to the View tab.
Specify values for the following search settings:
Click Go.
The results of your search appear in the Results list.
Select the users, groups, or containers you want to assign to the page, then click the Add (>) button.
HINT: Hold down the Control key to make multiple selections.
Enable or disable page lock-down as follows:
Click Save, then Close.
Users who own shared pages can modify the content of the pages they own and change the preferences of portlets on those pages.
Open a page on the Maintain Shared Pages panel, then click the Assign Permissions page task (at the bottom of the panel).
The Page Permissions dialog displays in a new browser window (as shown in the previous procedure).
Go to the Ownership tab.
Specify values for the following search settings:
Click Go.
The results of your search appear in the Results list.
Select the users, groups, or containers you want to assign to the page, then click the Add (>) button.
HINT: Hold down the Control key to make multiple selections.
Enable or disable page lock-down as follows:
Click Save, then Close.
By default, only User Application Administrators can see and use the Create User or Group page, which is a shared page on the Identity Self-Service tab of the Identity Manager user interface. But, where appropriate, a User Application Administrator can assign permission for one or more end users to access that page too. For instance, selected people in administration or management positions might need the ability to create users, groups, or task groups themselves.
On the Maintain Shared Pages panel, open the page named Create User or Group.
Use the Assign Permissions page task to give View permission to the appropriate users, groups, or containers for the Create User or Group shared page.
Switch from Page Admin to Portlet Admin, and open the portlet registration named CreatePortlet (which is used on the Create User or Group page).
Use the Security panel to give List and Execute permissions to the appropriate users, groups, or containers for the CreatePortlet portlet registration.
For more information about assigning permissions for portlets, see Section 9.0, Portlet Administration.
Go to iManager and use an administrator account to log in to the tree for your identity vault.
Make sure that the people who will be using Create User or Group have Create rights for the [Entry Rights] property on the container(s) in which objects (users, groups, or task groups) will be created.
For example, you can modify trustees for a chosen container and add the appropriate users, groups, or containers as trustees. Then, for each trustee, you can assign the following rights:
Property name | Assigned rights | Inherit |
---|---|---|
[All Attributes Rights] | | Yes (select this check box) |
[Entry Rights] | | Yes (select this check box) |
If you don’t assign the necessary rights in the identity vault (and those rights can’t be derived in some other way), an end user may get an error message such as this one from Create User or Group:
User 'cn=mmackenzie,ou=users,ou=idmsample,o=novell' does not have permission to create 'cn=MyNewGroup,ou=groups,ou=idmsample,o=novell' or modify related objects.
To learn how the Create User or Group page is used (by those with access to it), see the Identity Manager User Application: User Guide.
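To confirm the identity vault step after delegating Create User or Group, the following added example (not part of the product or of the original guide) audits the explicit trustee assignments on one container: it reports delegates that lack Create on [Entry Rights], hold it without Inherit, or hold Supervisor instead. It assumes the container's ACL attribute, read over LDAP, uses the value layout `privileges#scope#trustee#attribute` with the bit values shown; confirm both against your own tree. The sample values are constructed, and rights derived through group membership or inherited from a parent container are not evaluated.

```python
# Added example: audit explicit trustee assignments on one container.
# Assumption: each ACL value reads "privileges#scope#trustee#attribute".
ENTRY_BITS = {1: "Browse", 2: "Create", 4: "Delete", 8: "Rename", 16: "Supervisor"}
ATTR_BITS = {1: "Compare", 2: "Read", 4: "Write", 8: "Self", 32: "Supervisor"}

SAMPLE_ACL = [  # constructed values, not read from a real tree
    "2#subtree#cn=mmackenzie,ou=users,ou=idmsample,o=novell#[Entry Rights]",
    "2#entry#cn=jdoe,ou=users,ou=idmsample,o=novell#[Entry Rights]",
    "3#subtree#cn=asmith,ou=users,ou=idmsample,o=novell#[All Attributes Rights]",
    "16#subtree#cn=helpdesk,ou=groups,ou=idmsample,o=novell#[Entry Rights]",
]

def parse_acl(value):
    """Decode one ACL value into trustee, attribute, right names, inherit flag."""
    parts = value.split("#")
    if len(parts) != 4 or not parts[0].isdigit():
        raise ValueError(f"malformed ACL value: {value!r}")
    mask, scope, trustee, attr = int(parts[0]), parts[1].lower(), parts[2], parts[3]
    names = ENTRY_BITS if attr == "[Entry Rights]" else ATTR_BITS
    rights = [name for bit, name in sorted(names.items()) if mask & bit]
    return {"trustee": trustee.lower(), "attr": attr, "rights": rights,
            "inherit": scope == "subtree"}

def audit_container(acl_values, delegates):
    """Return {delegate DN: [findings]}; an empty list means the grant matches."""
    findings = {d.lower(): [] for d in delegates}
    can_create = set()
    for ace in map(parse_acl, acl_values):
        who = ace["trustee"]
        if who not in findings:
            continue
        if "Supervisor" in ace["rights"]:
            findings[who].append(f"Supervisor on {ace['attr']} is broader than Create")
        if ace["attr"] == "[Entry Rights]" and {"Create", "Supervisor"} & set(ace["rights"]):
            can_create.add(who)
            if not ace["inherit"]:
                findings[who].append("Create is not inherited")
    for who, notes in findings.items():
        if who not in can_create:
            notes.insert(0, "missing Create on [Entry Rights]")
    return findings

if __name__ == "__main__":
    delegates = [v.split("#")[2] for v in SAMPLE_ACL]
    for dn, notes in audit_container(SAMPLE_ACL, delegates).items():
        print(dn, "->", notes or "ok")
```
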
By default, only User Application Administrators can access the Administration tab of the Identity Manager user interface and the pages contained on that tab (Page Admin, Themes, Portlet Admin, Portal, Security, Logging, Caching, Tools). But if necessary, a User Application Administrator can assign permission for one or more end users to see and use specific pages on the Administration tab. One example might be a small group of users who need to change themes periodically, even though they are not User Application Administrators.
On the Maintain Container Pages panel, open Admin Container Page.
This is the container page that’s used when you go to the Administration tab of the Identity Manager user interface.
Use the Assign Permissions page task to give View permission to the appropriate users, groups, or containers for Admin Container Page.
On the Maintain Shared Pages panel, open the appropriate Administration page (one of the shared pages under the category Administration).
Use the Assign Permissions page task to give View and Ownership permissions to the appropriate users, groups, or containers for that shared page.
Make sure the specified users, groups, or containers have Execute permission for each portlet used on a specified page (if you have restricted those portlets).
For more information about assigning permissions for portlets, see Section 9.0, Portlet Administration.