Users Guide
Configuring a Role Mapping Policy
After authenticating a request, a Policy Manager Service invokes its Role Mapping Policy, resulting in assignment of a
role(s) to the client. This role becomes the identity component of Enforcement Policy decisions.
A service can be configured without a Role Mapping Policy, but only one Role Mapping Policy can be configured for
each service.
Policy Manager ships a number of preconfigured roles, including the following:
l [Contractor] - Default role for a Contractor
l [Employee] - Default role for an Employee
l [Guest] - Default role for guest access
l [Other] - Default role for other user or device
l [TACACS API Admin] -API administrator role for Policy Manager admin
l [TACACS Help Desk] - Policy Manager Admin Role, limited to views of the Monitoring screens
l [TACACS Network Admin] - Policy Manager Admin Role, limited to Configuration and Monitoring UI screens
l [TACACS Read-only Admin] - Read-only administrator role for Policy Manager Admin
l [TACACS Receptionist] - Policy Manager Guest Provisioning Role
l [TACACS Super Admin] - Policy Manager Admin Role with unlimited access to all UI screens
Additional roles are available with AirGroup and Onboard licenses.
For more information, see:
l "Adding and Modifying Roles" on page 189
l "Adding and Modifying Role Mapping Policies" on page 190
Adding and Modifying Roles
Policy Manager lists all available roles in the Roles page.
Figure 146: Roles Page
You can configure a role from within a Role Mapping Policy (Add New Role), or independently from the menu
(Configuration > Identity > Roles > Add Roles). In either case, roles exist independently of an individual Service and
can be accessed globally through the Role Mapping Policy of any Service.
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Identity | 189