User-Defined Roles
User-defined roles allow you to create custom roles that can restrict,
count, and meter traffic for identities you want to control. CLI commands allow you to
do the following:
- Create a user-defined role.
- Configure identity match criteria that determine which identities use a role.
- Add dynamic ACL (Access Control List) rules or policies to a role so that those policies are applied to ports to which a matching identity connects.
- Assign a priority level to each role to determine which role applies when multiple roles are matched to an identity.
- Establish hierarchical roles that can be used to support topologies built around a company organization structure or a geographical layout.
When specifying match criteria for a role, you can specify identity
attributes collected by identity manager (see Identity Information Capture) and those collected from an LDAP
server. When configured for an LDAP server, identity manager can send a query to the
server with locally collected attributes and retrieve additional attributes for the
identity, such as an employee department or title. The use of an LDAP server allows you
to design roles that serve departments or localities.
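As an added illustration (not from this guide, and not the switch's own CLI), the following Python models the role-selection behaviour described above: match criteria evaluated over locally collected attributes that a simulated LDAP lookup augments with a department, priority resolution when more than one role matches, and policy inheritance through a parent role. The role names, attribute names, directory contents and the "lower priority value wins" convention are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Role:
    name: str
    match: dict                # identity attribute -> required value (all must match)
    priority: int              # assumed convention: lower value wins among matching roles
    policies: list = field(default_factory=list)   # dynamic ACL/policy names applied to the port
    parent: Optional[str] = None                   # hierarchical roles: parent policies are inherited

# Constructed sample roles; names, attributes and priorities are assumptions.
ROLES = [
    Role("Employees", {"domain": "corp"}, priority=100, policies=["employee-acl"]),
    Role("Finance", {"department": "Finance"}, priority=10,
         policies=["finance-acl"], parent="Employees"),
    Role("Guests", {"domain": "guest"}, priority=200, policies=["guest-acl"]),
]

# Constructed stand-in for an LDAP directory: extra attributes keyed by user name.
DIRECTORY = {"alice": {"department": "Finance", "title": "Analyst"}}

def ldap_augment(identity: dict, directory: dict = DIRECTORY) -> dict:
    # Simulated LDAP query: merge directory attributes into the locally collected ones.
    return {**identity, **directory.get(identity.get("user", ""), {})}

def matching_roles(identity: dict, roles: list = ROLES) -> list:
    return [r for r in roles if all(identity.get(k) == v for k, v in r.match.items())]

def select_role(identity: dict, roles: list = ROLES) -> Optional[str]:
    # Highest-precedence match wins; equal priorities are a configuration error, so surface them.
    matched = sorted(matching_roles(identity, roles), key=lambda r: r.priority)
    if not matched:
        return None
    if len(matched) > 1 and matched[0].priority == matched[1].priority:
        raise ValueError(f"ambiguous priority: {matched[0].name} vs {matched[1].name}")
    return matched[0].name

def effective_policies(role_name: str, roles: list = ROLES) -> list:
    # Walk up the hierarchy so a child role carries its parents' policies as well as its own.
    by_name = {r.name: r for r in roles}
    chain, seen = [], set()
    while role_name and role_name not in seen:
        seen.add(role_name)                        # guard against a cycle in the hierarchy
        chain.append(by_name[role_name])
        role_name = by_name[role_name].parent
    return [p for r in reversed(chain) for p in r.policies]   # parent policies first

if __name__ == "__main__":
    role = select_role(ldap_augment({"user": "alice", "domain": "corp", "port": "1:5"}))
    print(role, effective_policies(role))          # Finance ['employee-acl', 'finance-acl']
```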