Creating a new role-based access control policy

To create a new role-based policy for a new role, you can use the Organizational Administration Console for some subtasks, however, you need to load some of the changes manually through the use of access control policy XML files. The Organization Administration Console allows you to make simple changes to access control policies and their parts. To make more sophisticated changes, you need to edit the XML files directly, and then load them into the database.

Procedure

1. Use the Organizational Administration Console to create an access group for the new role.
2. Use the Organizational Administration Console to create a resource group and assign commands that this role can execute.
3. Use the Organizational Administration Console to create an access control policy with the following parameters:
   1. Specify the new access group created in step 1 as the User Group.
   2. Specify "ExecuteCommandActionGroup" as the Action Group.
   3. Specify the new resource group created in step 2 as the Resource Group.
4. Manually, create an access control XML file for your policy and associate the new policy to a policy group as described in Associating policies with policy groups.
5. Manually, update the XML file created in step 4 to modify the resource-level access control of for the policy as described in Modifying the resource-level access control of an existing policy.
6. After completing the changes to your policy, load the policy into the database.