a role(s) to the client. This role becomes the identity component of Enforcement Policy decisions.
NOTE: A Service can be configured without a Role Mapping Policy, but only one Role Mapping Policy can be configured for each
service.
Policy Manager ships with the following pre-configured roles:
[Guest] - Role for guest access
l
[TACACS Help Desk] - Policy Manager Admin Role, limited to views of the Monitoring screens
l
[TACACS Network Admin] - Policy Manager Admin Role, limited to Configuration and Monitoring UI screens
l
[TACACS Receptionist] - Policy Manager Guest Provisioning Role
l
[TACACS Super Admin] - Policy Manager Admin Role with unlimited access to all UI screens
l
You can also configure additional roles. Refer to
Adding and Modifying Role Mapping Policies
From the Services page (Configuration > Service), you can configure role mapping for a new service (as part of the
flow of the Add Service wizard), or modify an existing role mapping policy directly (from the Configuration >
Identity > Role Mappings page).
Figure 96:
Role Mapping Policies
When you click Add Role Mapping from any of these locations, Policy Manager displays the Add Role Mapping
popup, which contains the following three tabs:
Policy
l
Mapping Rules
l
Summary
l
Policy Tab
The Policy tab labels the method and defines the Default Role (the role to which Policy Manager defaults if the
mapping policy does not produce a match for a given request).
Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
"Adding and Modifying Roles " on page 158
for more information.
155