You can assign permission to other users, groups, and containers to work with specific container pages and shared pages. Two security levels of permission can be assigned.
Table 6-5 Page Permissions
When you assign users View permission for a container page or shared page, they can access the page and see it in a list of available pages.
To assign View permission for container pages or shared pages:
Open a page on the Maintain Container Pages panel or the Maintain Shared Pages panel, then click the
page task (at the bottom of the panel).
The Page Permissions dialog box displays in a new browser window:
Go to the
tab.
Specify values for the following search settings:
Click
.
The results of your search appear in the
list.
Select the users, groups, or containers you want to assign to the page, then click the
(>) button.
Hold down the Ctrl key to make multiple selections.
Enable or disable page lock-down as follows:
Click
, then click .
Users who own shared pages can modify the content of the pages they own and change the preferences of portlets on those pages.
To assign Ownership permission for shared pages:
Open a page on the Maintain Shared Pages panel, then click the
page task (at the bottom of the panel).
The Page Permissions dialog box displays in a new browser window as shown in Step 1.
Go to the
tab.
Specify values for the following search settings:
Click Go.
The results of your search appear in the
list.
Select the users, groups, or containers you want to assign to the page, then click the Add (>) button.
Hold down the Ctrl key to make multiple selections.
Enable or disable page lock-down as follows:
Click Save, then click Close.
By default, only User Application Administrators can see and use the Create User or Group page, which is a shared page on the
tab of the Identity Manager user interface. But, where appropriate, a User Application Administrator can assign permission for one or more end users to access that page. For instance, selected people in administration or management positions might need the ability to create users, groups, or task groups.
On the Maintain Shared Pages panel, open the page named Create User or Group.
Use the
page task to give View permission to the appropriate users, groups, or containers for the Create User or Group shared page.
Switch from Page Admin to Portlet Admin, and open the CreatePortlet portlet registration (which is used on the Create User or Group page).
Use the Security panel to give List and Execute permissions to the appropriate users, groups, or containers for the CreatePortlet portlet registration.
For more information about assigning permissions for portlets, see Section 7.0, Portlet Administration.
Go to iManager and use an administrator account to log in to the tree for your Identity Vault.
Make sure that the people who will be using Create User or Group have Create rights for the [Entry Rights] property on the containers in which objects (users, groups, or task groups) will be created.
For example, you can modify trustees for a chosen container and add the appropriate users, groups, or containers as trustees. Then, for each trustee, you can assign the following rights:
Property name | Assigned rights | Inherit |
---|---|---|
[All Attributes Rights] | | Yes (select this check box) |
[Entry Rights] | | Yes (select this check box) |
If you don’t assign the necessary rights in the Identity Vault (or if those rights can’t somehow be derived), an end user might get an error message such as this one from Create User or Group:
User 'cn=mmackenzie,ou=users,ou=idmsample,o=novell' does not have permission to create 'cn=MyNewGroup,ou=groups,ou=idmsample,o=novell' or modify related objects.
To learn how the Create User or Group page is used (by those with access to it), see the Identity Manager User Application: User Guide.
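When the error shown above turns up repeatedly, it helps to list which containers are missing a trustee assignment and for whom. The following is an added example, not part of the product documentation: it matches the message text exactly as quoted on this page and derives the parent container of each rejected object. The log line prefix, the second user and the extra object names are constructed for illustration.

```python
import re
from collections import defaultdict

# Message text as quoted on this page; both DNs sit between single quotes.
DENIED = re.compile(
    r"User '(?P<user>[^']+)' does not have permission to create "
    r"'(?P<target>[^']+)' or modify related objects"
)

def parent_container(dn):
    """Return the DN without its first RDN, honouring backslash-escaped commas."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2              # skip the escaped character (e.g. "\,")
            continue
        if dn[i] == ",":
            return dn[i + 1:].strip()
        i += 1
    return ""                   # a single-RDN DN has no parent

def missing_create_rights(lines):
    """Map container DN -> sorted user DNs that were refused object creation there."""
    needed = defaultdict(set)
    for line in lines:
        m = DENIED.search(line)
        if m:
            container = parent_container(m["target"]).lower()
            needed[container].add(m["user"].lower())
    return {c: sorted(users) for c, users in needed.items()}

# Constructed sample log lines; only the first message is taken from this page.
SAMPLE = [
    "2024-01-10 09:14:02 ERROR User 'cn=mmackenzie,ou=users,ou=idmsample,o=novell' "
    "does not have permission to create 'cn=MyNewGroup,ou=groups,ou=idmsample,o=novell' "
    "or modify related objects.",
    "2024-01-10 09:20:41 ERROR User 'cn=jdoe,ou=users,ou=idmsample,o=novell' "
    "does not have permission to create 'cn=Ops Team,ou=groups,ou=idmsample,o=novell' "
    "or modify related objects.",
    "2024-01-10 09:31:07 ERROR User 'cn=mmackenzie,ou=users,ou=idmsample,o=novell' "
    "does not have permission to create 'cn=Smith\\, Jo,ou=users,ou=idmsample,o=novell' "
    "or modify related objects.",
    "2024-01-10 09:32:00 INFO page permissions saved",
]

if __name__ == "__main__":
    for container, users in missing_create_rights(SAMPLE).items():
        print(container, "->", ", ".join(users))
```

Each container in the result is a place to review trustees for Create rights on [Entry Rights]. Repeated refusals for a user who was never meant to use Create User or Group are worth checking against the page and portlet permissions granted earlier.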
By default, only User Application Administrators can access the
tab of the Identity Manager user interface and the pages contained on that tab (Application Configuration, Page Admin, Portlet Admin, Provisioning, Security). But if necessary, a User Application Administrator can assign permission for one or more end users to see and use specific pages on the tab. For example, a small group of users might need to change themes periodically, even though they are not User Application Administrators.
On the Maintain Container Pages panel, open
.
This is the container page that’s used when you go to the
tab of the Identity Manager user interface.
Use the
page task to give View permission to the appropriate users, groups, or containers for Admin Container Page.
On the Maintain Shared Pages panel, open the appropriate Administration page (one of the shared pages under the category Administration).
Use the
page task to give View and Ownership permissions to the appropriate users, groups, or containers for that shared page.
Make sure the specified users, groups, or containers have Execute permission for each portlet used on a specified page (if you have restricted those portlets).
For more information about assigning permissions for portlets, see Section 7.0, Portlet Administration.