Role-based access control is used to provide a convenient way to assign a user to a particular job function or set of permissions within an enterprise, in order to control access. In Access Manager, you assign users to roles, based on attributes of their identity, and then associate authorization policies to the role.
For more information about how to create and configure role policies, see Creating Role Policies
in the NetIQ Access Manager 3.2 SP3 Policy Guide.
To assign a role to users at authentication, you must enable it for the Identity Server configuration.
In the Administration Console, click Devices > Identity Servers > Servers > Edit > Roles.
Click the role policy’s check box, then click Enable.
To disable the role policy, click the role policy’s check box, then click Disable.
To create a new role, click Manage Policies.
After enabling or disabling role policies, update the Identity Server configuration on the Servers tab.