6.1.3 Configuring User Roles

User Roles contain users or groups, collectively called as members. The following sections explain how to manage user roles.

Adding a User Role

To add a new user role:

  1. On the home page of the console, click Access Control.

  2. In the navigation pane, click User Roles.

  3. In the details pane, click Create. A Create User Role page with General, Included Members, and Excluded Members setting is displayed.

    • General: Specify the name and description of the user role. Click Next.

    • Included Members: Click Add to select users from the dropdown list which should be included in the user role. The drop down list consists of Local Users, LDAP Users and Groups, and Agent Users.

      NOTE:Advanced Authentication and RADIUS server users are not supported with Privileged Account Manager 4.0.

    • Browse to users or groups and select a source.

    • Click Next.

    • Excluded Members: This field is only applicable for LDAP Users and groups. An LDAP user or group can be excluded, if that user or group is part of the LDAP groups selected Included Members in the previous section

  4. Click Create.

Modifying a User Role

Follow the below procedure:

  1. On the home page of the console, click Access Control.

  2. In the navigation pane, click User Roles.

  3. In the details pane, select the user role you want to modify and click the edit icon on that row or click on the user role you want to modify. Edit User Role page is displayed on the right pane.

  4. Modify the following fields:

    1. General: Modify the Name and Description of the user role and click Next.

    2. Included Members: Click Add to select users from the dropdown list which should be included in the user role.

      • The drop down list shows Framework Users, Agent Users, LDAP Users and Groups sources

      • Browse to the users or groups and select a source. Click Add.

      • To remove, slect existing users or groups from the table and click Remove.

      • Click Next.

    Excluded Members: This field is applicable only for LDAP users and groups.

Deleting a User Role

  1. On the home page of the console, click Access Control.

  2. In the navigation pane, click User Roles.

  3. In the details pane, select the user role that you want to delete and click the delete icon next to the user role name.

    To select multiple user roles, click Delete multiple.

  4. Click Delete.

NOTE:You cannot delete a user role if it is a part of an assignment.