Previous Topic: Static, Dynamic, and Nested Groups Example

Next Topic: Managed Endpoint Accounts

Group Administrators

On the Administrators tab of the Create or Modify Group tasks, you can specify users and groups as administrators of a group. When you assign a user as a group administrator, make sure that the administrator has a role with appropriate scope for managing the group. For example:

  1. Use Modify Group to assign a user as an administrator of a group.
  2. Assign that user an admin role with group management tasks, such as Modify Group Members, or user management tasks with a Groups tab.
  3. Check that the role has appropriate scope over the group.
    1. Use View Admin Role on the role that you assigned with group management tasks.
    2. On the Members tab, verify that a policy exists with the following:

      A member rule that the group administrator meets

      A scope rule that includes the group

      A scope rule that includes some users to be added to the group

Note: To enable groups to be administrators of other groups in an Identity Manager environment, configure group administrator support in the directory configuration file. For information, see the Configuration Guide.

When you assign a group as an administrator, only administrators of that group will be administrators of the group you are creating or modifying. Members of the administrator group you specify will not have privileges to manage the group. The following illustration shows a group as an administrator of another group.

Group administrators

In this example: