Define Member Policies for an Admin Role

On the Members tab, you create member policies, which determine who can be a role member.
cim1265
On the Members tab, you create member policies, which determine who can be a role member.
To define member policies
  1. Click Add to define member policies. A member policy contains these rules:
    • A member rule which defines the requirements for a user to be a role member.
      The following operators treat numbers as characters in member rules:
      For example, '10' will come after '1' but before '2'.
    • Scope rules which limit the primary and secondary objects available to tasks in the role.
      For example, the role contains a task that modifies users by assigning them to groups. As a result, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.
    Be sure to enter an answer to at least one scope question. The scope rules limit the primary and secondary objects available to tasks in the role. For example, the role contains a task that modifies users by assigning them to groups. As a result, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.
  2. Verify that the Member Policy appears on the Members tab.
    • To edit a policy, click the right arrow symbol on the left.
    • To remove it, click the minus sign icon.
  3. On the Members tab, optionally enable the checkbox labeled “Administrators can add and remove members of this role." Leaving this checkbox disabled means that users become members by meeting a member rule.
    Once you enable this feature, the screen expands.
  4. In the expanded area, define the Add Action and Remove Action for when a user is added or removed as a role member.
    For the add action, avoid setting up a rule that refers to the role you are defining. For example, do not define the add action that makes a member of Role A by being a member of Role A.