Configuration GuidesPolicy Server Configuration GuideConfigure Security Policies from WSDL Files Using Applications › Create Additional Roles to Define User Access Rights

Previous Topic: Modify the Default Role to Define User Access Rights

Next Topic: Modify Role Assignments in the Application Policy

Create Additional Roles to Define User Access Rights

Roles associate resources with groups of users must be created. The Administrative UI creates a default role which is assigned to all resources in when it secures web services from a WSDL file. If required, you can create additional roles.

Note: The following procedure assumes you are creating a new object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

To create a new role

  1. Click Policies, Application, Modify Application.

    The Modify Application pane opens

  2. Specify search criteria, and click Search.

    A list of applications that match the search criteria opens.

  3. Select your application from the list, and click Select.

    The Modify Object: Name pane opens.

  4. Click the Roles tab.
  5. Click Create.
  6. Ensure the Create a new object of type Role button is selected, and then click OK.

    The Create Role pane opens.

  7. Enter values for the fields in the General group box. Choose distinctive values that help you remember its purpose or function, as shown in the following examples:
    Name

    Name of the role.

    Description

    Description of the role.

    Expression

    The expression that defines the group of users that can access a resource to which a role is assigned.

    You can use the Expression Editor to complete this field or type in an expression. To access the Expression Editor, click Edit.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  8. Click OK.

    The role is created.