Table of Contents
Advertisement
Network and Security Manager Administration Guide
70
If you create a custom domain, NS-NSM-User-Domain-Name should include the domain's
full path. Do not omit the word "global" and include the full path for
example, global.d1, global, or global.d2. Figure 14 on page 70 shows an example.
Figure 14: Creating Custom Domain
In Figure 14 on page 70, users belong to domain d1 and role r1 is defined in domain1.
Therefore, the domain name is global.d1 and the role is global.d1:global.d1.r1.
Predefined Roles
The current predefined role names, which users can use, are listed below:
Domain Administrator
IDP Administrator
Read-Only Domain Administrator
Read-Only IDP Administrator
Read-Only System Administrator
System Administrator
Predefined roles do not belong to any domain. The format for predefined roles is:
DomainName1:(predefined-role-name)
DomainName1
is the domain that the current user can access.
is one of the options listed above.
predefined-role-name
For example, if a user is in domain d1 with a role of IDP Administrator, the domain name
is global.d1 and the role is global.d1:IDP Administrator.
Creating Roles
If a user is defined in the local database or defined in a RADIUS server, NSM uses a role
mapping list from the local database. The custom roles must be created in NSM. If the
custom role belongs to a subdomain, it must be created in that subdomain. If the role is
domainName
Copyright © 2010, Juniper Networks, Inc.
, for
Advertisement
Table of Contents
