Users Guide
Configuring a Role Mapping Policy
After authenticating a request, a Policy Manager Service invokes its Role Mapping Policy, resulting in assignment of a
role(s) to the client. This role becomes the identity component of Enforcement Policy decisions.
A service can be configured without a Role Mapping Policy, but only one Role Mapping Policy can be configured for
each service.
Policy Manager ships a number of preconfigured roles, including the following:
l [Contractor] - Default role for a Contractor
l [Employee] - Default role for an Employee
l [Guest] - Default role for guest access
l [Other] - Default role for other user or device
l [TACACS API Admin] -API administrator role for Policy Manager admin
l [TACACS Help Desk] - Policy Manager Admin Role, limited to views of the Monitoring screens
l [TACACS Network Admin] - Policy Manager Admin Role, limited to Configuration and Monitoring UI screens
l [TACACS Read-only Admin] - Read-only administrator role for Policy Manager Admin
l [TACACS Receptionist] - Policy Manager Guest Provisioning Role
l [TACACS Super Admin] - Policy Manager Admin Role with unlimited access to all UI screens
Additional roles are available with AirGroup and Onboard licenses.
For more information, see:
l "Adding and Modifying Roles" on page 191
l "Adding and Modifying Role Mapping Policies" on page 192
Adding and Modifying Roles
Policy Manager lists all available roles in the Roles page.
Figure 146: Roles Page
You can configure a role from within a Role Mapping Policy (Add New Role), or independently from the menu
(Configuration > Identity > Roles > Add Roles). In either case, roles exist independently of an individual Service and
can be accessed globally through the Role Mapping Policy of any Service.
When you click Add Roles from any of these locations, Policy Manager displays the Add New Role popup.
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Identity | 191