Configuring Role Mapping Rules (NSM Procedure)
You create a role mapping rule on
the Role Mapping tab of an authentication realm. (For administrators,
to create role mapping rules, select Administrators > Admin Realms > Realm> Role Mapping . For users, select Users > User Realms > Realm> Role Mapping.) When
you click New Rule on the Role Mapping tab, the
Role Mapping Rule page appears with an inline editor for defining
the rule.
To specify role mapping rules for an authentication
realm:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the Infranet Controller device for which
you want to configure role mapping rules.
- Click the Configuration tab. In the configuration tree, select Administrators > Admin Realms or Users > User Realms.
- Add or modify settings on the Role
Mapping Rules tab as specified in Table 1.
- Click one:
-
OK—Saves the changes.
-
Cancel—Cancels the modifications.
Table 1: Role
Mapping Rules Configuration Details
|
Option
|
Function
|
Your Action
|
|
Name
|
Specifies the rule name.
|
Enter the name.
|
|
Assign these roles if the rule matches
|
Specifies the list of eligible roles that matches the
rule.
|
Select the role from the Non-members list, and click Add to move them to the members list.
|
|
Stop processing rules when this rule matches
|
Stops evaluating role mapping rules if the user meets
the conditions specified for this rule.
|
Select this option to stop evaluating role mapping rules
when specific conditions are met.
|
|
Role mapping rule type
|
Specifies the parameters based on which the role mapping
is created.
|
- Select If user name if the
role mapping parameter must be based on the user name. Select is/is not conditional expressions for the rule, click
the Add button, and enter the new user
names.
- Select If certificate has any of the attributes if the role mapping parameter must be based on the certificate attributes.
Select is/is not conditional expressions
for the rule, click the Add button, and
enter the new values.
- Select If user has any of these custom expressions if the role mapping parameter must be based on the custom expressions.
Click the Add button, and enter the new
expressions.
|
|
is/is not
|
Specifies the conditional expression used in the rule.
|
Select this option to specify conditional expression.
|
|
User must select from among assigned roles
|
Specifies that the rule is based on assigned roles.
|
Select this option to specify that the rule is based
on assigned roles.
|
|
User must select the sets of merged roles assigned by
each rule
|
Specifies that the rule is based on sets of merged roles.
|
Select this option to specify that the rule is based
on sets of merged roles.
|
