Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 59


7 Click OK twice, then click Apply Changes.
8 To enable the role so that it can be used in Authorization and Identity Injection policies, click
Devices > Identity Servers > Edit > Roles.
9 Select the check box next to the name of the role, then click Enable.
10 Click OK.
11 Update the Identity Server.

You can now use this role when creating Authorization and Identity Injection policies, which control
access to protected Web resources. For more information, see the following:

Chapter 3, "Creating Authorization Policies," on page 65
Chapter 4, "Creating Identity Injection Policies," on page 115

Creating a Role by Using a Group Membership Attribute

If you have created an LDAP group and assigned users to the group, you can use group membership
to assign a role to the user. For example, you might have created a first-level managers group and
made all your first-level managers members of this group. You can then have other groups for your
upper-level managers. You can create a Role policy that assigns the user a role if the user is a
member of a specific group. The Role policy can then be used in an Authorization or Identity
Injection policy to protect a Web resource.

1 In the Administration Console, click Policies > Policies.
2 Select the policy container, then click New.
3 Specify a name for the Role policy, select Identity Server: Roles for the type, then click OK.
4 In Condition Group 1, click New, then select LDAP Group.
Creating Role Policies
59
