35.2 Configuration of RAC

The RAC Configuration provides complete control over RAC objects. It is a central place for managing and configuring RAC objects. You can list and modify RAC objects. The configuration also provides useful information, such as searching and displaying the selected modules from the list. The Roles section lists the Associated Tasks for each role.

On the NetIQ Identity Console home page, select RAC to open the RAC Configuration page.

The page includes two tabs:

RAC Configuration: Displays current RAC Configurations.

Edit Member Association: Displays a list of roles from all the Configurations.

Identity Console displays Configurations that you own and includes the following information on each Configuration:

Module: Indicates the number of modules on the selected RAC Configuration.

To work with a particular Configuration, select it from the list. This opens a configuration-specific view, as shown in figure:

NOTE:For the administrator to access all the modules, it is advisable to create a separate RAC Configuration for the administrator with all the Modules selected.

Figure 35-1 Indicates the Selected Modules

The remainder of this section describes the various tabs on the RAC Configuration page.

35.2.1 Setting up RAC Configuration

At the RAC Configuration tab, you can see the list of configurations for the specific user. To create a new RAC Configuration, follow the steps:

  1. On the RAC Configuration tab, Click .

  2. Enter a Name.

  3. In the Context field, Click Search and select the required Container.

  4. Assign a role to the user or group of users, by selecting the module from the Select Modules list.

  5. Select a required Scope.

  6. (Optional) Provide a Description.

  7. Select the required check box, to specify how you want the rights that are related to this role to be assigned to the member.

    Assign Rights: Instructs eDirectory to automatically grant the member rights necessary to perform the assigned role. When not selected, the member is assigned the role but might not have rights to perform all tasks associated with the role. The member’s rights assignments are handled separately.

    Inheritable: Select subtree to indicate that the member’s scope includes all sub-containers in the specified context. Select base object to indicate that the member can perform the role only in the specified container.

  8. Click Create.

The RAC Configuration is created.

Figure 35-2 RAC Configuration

35.2.2 Managing RAC Roles

The RAC Configuration Role tab allows you to manage the RAC roles in the configuration. On the Roles tab, you can see the list of Roles that were selected while creating the Configuration. From this tab you can perform the following:

Creating a New Role

This wizard steps you through naming or customizing the role, assigning tasks and categories to the role, and assigning role members and scopes to the role.

In the Roles tab, you can view the modules that are assigned at the Role menu. If you click on the module, you can see the appropriate task assigned to that role at the Associated Tasks menu.

To create a new role in the Configuration:

  1. In the Roles tab, click Create Role .

  2. On the Create Role window, click Add Scope , and select a Scope.

    1. Enter the Name.

    2. Select the Member or the group of members that you want to associate with the Role.

  3. From the Select Task (s) menu, select the tasks that need to be assigned to the Role.

  4. Click Create.

A new Role is created. Close the window and open the Configuration again to view the changes.

Figure 35-3 Create New Role

Removing a Role

To remove a role in the Configuration:

NOTE:When deleted, the custom created roles cannot be imported again. Be careful before deleting them.

  1. In the Roles tab, select the role that you want to delete, and click Remove role .

  2. Click OK.

A Role is removed. Close the window and open the Configuration again to view the changes

Figure 35-4 Remove Role

Importing the Removed Role

To import a removed Role in the Configuration:

  1. In the Roles tab, click Import Removed Role .

    The SELECT ROLE(S) list appears.

  2. Select the Role that needs to be imported.

    The role is imported and visible on the Roles menu.

  3. Click OK.

A new Role is imported. Close the window and open the Configuration again to view the changes

Figure 35-5 Import the Removed Role

Adding Task to Selected Role

To add additional tasks to a particular Role, at the Associated Tasks menu click Add .

Figure 35-6 Add Task to Selected Role

35.2.3 Viewing Modules List

The Module tab contains the lists the RAC modules currently installed on a selected Configuration. Each Module contains RAC tasks. From this page, you can add or delete a Module.

35.2.4 Viewing Task List

You can view the list of Tasks available for the list of Configuration.

A task is a distinct management function, such as creating a user or setting a password. Identity Console lists the tasks by group in the navigation area.

35.2.5 Editing Configuration Owner

On this screen, you can see the list of owners of a specified Configuration. You can add the Configuration owners or delete the existing Configuration owners. To add a Configuration owner, follow the procedure:

  1. Click Add Configuration Owner .

  2. On the Context Browser window, select the user, then click OK.

By using the Search box, you can search for a user or the objects.

Figure 35-7 Edit Configuration Owner

35.2.6 Editing Member Association for Configuration

The Edit Member Association tab helps to associate a member to a role by selecting the member.

To add a member to an existing role:

  1. Click Select Member .

    The Context Browser window opens. On the Context Browser window, you have the option to select user, group, organization unit, or organization.

  2. On the Context Browser window, select the user as per your requirement.

    The list of associations that the user is already part of are displayed.

  3. Click Edit Member Association .

  4. On the Add Roles window, select the role that is required.

    • Add Role: Specify, or use the Object Selector to find the desired object to be a role member.

    • Add Scope: Specify, or use the Object Selector to find the scope within which this member can perform the role.

  5. Click OK.

The roles are added successfully. Close the window and open the Configuration again to view the changes

Figure 35-8 Edit Member Association