After defining the specific components of an application that require protection, you can specify the roles that users may be assigned. Roles are the set of users who have access to a particular resource. These sets of users are defined by an expression.
Note: The following procedure assumes you are creating a new object. You can also copy the properties of an existing object to create an object. More information exists in Duplicate Policy Server Objects.
To create a role
The Create Role pane appears.
Employees
All employees of Acme Financial Services
TRUE
To form an expression, you can use the Expression Editor. To access the editor, click Edit.
Managers
Managers of Acme Financial Services
BOOLEAN(IsManager)
IsManager is the attribute mapping that was defined for the LDAP user directory.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |