Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual page 20

"SSL VPN Administrators" on page 22
"J2EE Agent Administrators" on page 22
6 To assign all delegated administrators the same rights to a component, configure All Users by
using the drop-down menu and selecting None, View Only, or View/Modify.
By default, All Users is configured for None. All Users is a quick way to assign everyone View
Only rights to a component when you want your delegated administrators to have the rights to
view the configuration but not change it.
7 To select one or more users to assign rights, click Add, then fill in the following fields:
Name filter: Specify a string that you want the user's cn attribute to match. The default value
is an asterisk, which matches all cn values.
Search from context: Specify the context you want used for the search. Click the down-arrow
to select from a list of available contexts.
Include subcontainers: Specifies whether subcontainers should be searched for users.
8 Click Query, and the User section is populated with the users that match the query.
9 In the User section, select one or more users to whom you want to grant the same rights.
10 For the Access option, click the down-arrow and select one of the following values:
View/Modify: Grants full configuration rights to the device. View/Modify rights do not grant
the rights to manage keystores, to create certificates, or to import certificates from other servers
or certificate authorities. View/Modify rights allow the delegated administrator to perform
actions such as stop, start, and update the device.
If the assignment is to a policy container, this option grants the rights to create policies of any
type and to modify any existing policies in the container
View Only: Grants the rights to view all the configuration options of the device or all rules and
conditions of the policies in a container.
None: Prevents the user from seeing the device or the policy container.
11 In the Device or Policy Containers section, select the devices, the clusters, or policy containers
that you want to assign for delegated administration.
12 Click Apply.
The rights are immediately assigned to the selected users. If the user already had a rights
assignment to the device or policy container, this new assignment overwrites any previous
assignments.
13 After assigning a user rights, check the user's effective rights.
A user's effective rights and assigned rights do not always match. For example, if Kim is
granted View Only rights but All Users have been granted View/Modify rights, Kim's effective
rights are View/Modify.
When a user is granted View/Modify rights to a device, the user is automatically assigned View
Only rights to the policy containers. If you explicitly remove the View Only rights from the
policy containers, the user no longer has the rights to view the policies for that device.
Access Gateway Administrators
You can assign a user to be a delegated administrator of an Access Gateway cluster or a single
Access Gateway that does not belong to a cluster. You cannot assign a user to manage a single
member of a cluster.
20 Novell Access Manager 3.1 SP1 Administration Console Guide