Policy Server GuidesPolicy Design GuidePoliciesConfigure a Policy › Add Roles to a Policy

Previous Topic: Add LDAP Expressions to Policies

Next Topic: Exclude Roles in a Policy
Add Roles to a Policy

If you have purchased CA Identity Manager (Identity Manager), you can add Identity Manager access roles to your policies. Identity Manager access roles define roles that may be assigned to users in Identity Manager. Roles may be associated with users or groups of users that share common access requirements. For more information about access roles in Identity Manager, see CA Identity Manager Operations Guide.

You can add roles to policies using a procedure similar to adding groups to policies. When a user who has been assigned the appropriate access role in Identity Manager tries to access a protected resource, the Policy Server verifies that the user has been assigned the Identity Manager role, and then fires the rules included in the policy to see if the user is allowed to access the resource.

To add Identity Manager roles to a policy

  1. In the SiteMinder Policy dialog, click on the Users tab.

    The Users tab contains sub-tabs for each user directory and IdentityMinder Environment included in the policy domain.

  2. Click on the tab for the IdentityMinder Environment that contains the roles you want to add to your policy.
  3. Click the Add/Remove button.

    The SiteMinder Policy Identity Manager Role dialog opens.

  4. To add roles to the policy, select an entry from the Available Members list and click on the Left Arrow button, which points to the Current Members list.

    The opposite procedure removes roles from the Current Members list.

    You can select multiple entries by holding the CTRL or SHIFT key and clicking on entries in one of the Members lists. When you select multiple entries and click one of the Arrow buttons, the Policy Server User Interface moves all of the selected entries.

  5. Click OK to save your changes and return to the SiteMinder Policy dialog.