Admin Roles for User Management › Create an Admin Role › Define Member Policies for an Admin Role

Define Member Policies for an Admin Role

On the Members tab, you create member policies, which determine who can be a role member.

To define member policies

1. Click Add to define member policies. A member policy contains these rules:
   • A member rule which defines the requirements for a user to be a role member.

     Note: The following operators treat numbers as characters in member rules:

     • Less than (<)
     • Less than or equal to (<=)
     • Greater than (>)
     • Greater than or equal to (=>)

       For example, '10' will come after '1' but before '2'.

   • Scope rules which limit the primary and secondary objects available to tasks in the role.

     For example, if the role contains a task that modifies users by assigning them to groups, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.

     Note: Be sure to enter an answer to at least one scope question. The scope rules limit the primary and secondary objects available to tasks in the role. For example, if the role contains a task that modifies users by assigning them to groups, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.

2. Verify that the Member Policy appears on the Members tab.
   • To edit a policy, click the right arrow symbol on the left.
   • To remove it, click the minus sign icon.
3. On the Members tab, enable the checkbox labeled "Administrators can add and remove members of this role," unless users should only become members by meeting a member rule.

   Once you enable this feature, the screen expands.

4. In the expanded area, define the Add Action and Remove Action for when a user is added or removed as a role member.

   Important! When defining an add action, avoid setting up a rule that refers to the role you are defining. For example, do not define the add action that makes a member of Role A by being a member of Role A.This may cause errors.

5. Define Admin Policies for an Admin Role.