Policy Container Administrators

There are two types of policy container administrators:

  • Delegated Administrators

  • Policy View Administrators

Delegated Administrators

All delegated administrators with View/Modify rights to a device have read rights to the master policy container. To create or modify policies, a delegated administrator needs View/Modify rights to a policy container. A delegated administrator who has View/Modify rights to any policy container is also granted sufficient rights to select shared secret values, attributes, LDAP groups, and LDAP OUs for policies.

If you want your delegated administrators to have full control over a device and its policies, you might want to create a separate policy container for each delegated administrator or for each device that is managed by a group of delegated administrators.

Policy View Administrators

A policy view administrator has rights only to view policy containers. Super administrators can create a special type of delegated administrator called a policy view administrator. Policy view administrators can log in to Access Manager with their credentials and are allowed to view only the policy containers assigned to them.

Using the Policy Container option, super administrators can add and remove delegated and policy view administrators.

  • Adding Administrators

  • Removing Administrators

Adding Policy Container Administrators

The administrator can assign rights to delegated administrators and users based on policy containers.

  1. In Administration Console Dashboard, click <user name> at the top right of the page > Administrators > Policy Containers > Add Administrators.

  2. (Optional) Specify the filter.

  3. Select Access Rights from the list for the type of administrator, for example, View/Modify, View Only, or None. Policy view administrators have only View Only rights.

  4. Select the context to search from in the list. For example, “ou=delegated users, o=novell, ou=policyviewusers, o=novell”. Based on the user selected, the delegated or policy view administrators are created.

  5. (Optional) Select Include Subcontainers if you want to include subcontainers.

  6. Click Query.

  7. Select User and Policy Container. The lists of users and policy containers are displayed based on their association with the query.

  8. Click Apply > Close.

Removing Policy Container Administrators

  1. In Administration Console Dashboard, click <user name> at the top right of the page > Administrators > Policy Containers > Remove Administrators.

  2. Select the check box of the user assigned to the administrator and click Remove.

  3. Click Close.