Create a new role-based access control policy
To create a new role-based policy for a new role, use the Organizational Administration Console for some subtasks, however, you need to load some of the changes manually through the use of access control policy XML files. The Organization Administration Console allows you to make simple changes to access control policies and their parts. To make more sophisticated changes, edit the XML files directly, and then load them into the database.
- Use the Organizational Administration Console to create an access group for the new role.
- Use the Organizational Administration Console to create a resource group and assign commands that this role can execute.
- Use the Organizational Administration Console to create an access control policy with the following parameters:
- Specify the new access group created in step 1 as the User Group.
- Specify "ExecuteCommandActionGroup" as the Action Group.
- Specify the new resource group created in step 2 as the Resource Group.
- Manually, create an access control XML file for your policy and associate the new policy to a policy group as described in Associating policies with policy groups.
- Manually, update the XML file created in step 4 to modify the resource-level access control of for the policy as described in Modifying the resource-level access control of an existing policy.
- After completing the changes to your policy, l oad the policy into the database.
Related Concepts
Authorization
Access control policy
Related tasks
View access control policies
Updating access control policies
Deleting policies
Define access control policy elements using XML
Loading access control policy data
Testing access control policy changes
Related Reference
Access control files
Default access control policies
Default access control policy groups