Users Guide

Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 153
Chapter 14
Identity: Users, Endpoints, Roles and Role Mapping
A Role Mapping Policy reduces client (user or device) identity or attributes associated with the request to Role(s) for Enforcement Policy evaluation. The roles ultimately determine differentiated access.
Architecture and Flow
Roles range in complexity from a simple user group (e.g., Finance, Engineering, or Human Resources) to a combination of a user group with some dynamic constraints (e.g., "San Jose Night Shift Worker": an employee in the Engineering department who logs in through the San Jose network device between 8 PM and 5 AM on weekdays). A role can also apply to a list of users. A role can be:
• Discovered by Policy Manager through role mapping ("Adding and Modifying Role Mapping Policies" on page 155). Roles are typically discovered by Policy Manager by retrieving attributes from the authentication source. Filter rules associated with the authentication source tell Policy Manager where to retrieve these attributes.
• Assigned automatically when retrieving attributes from the authentication source. Any attribute in the authentication source can be mapped directly to a role ("Adding and Modifying Authentication Sources" on page 127).
• Associated directly with a user in the Policy Manager local user database ("Adding and Modifying Local Users" on page 159 and "Adding and Modifying Guest Users" on page 161).
• Associated directly with a static host list, again through role mapping ("Adding and Modifying Static Host Lists" on page 166).
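
The reduction of request attributes to Role(s) described above, modelled as an added Python example; it is not code from this guide or from Policy Manager, and the attribute names, role names, MAC address and rule representation are assumptions. It also assumes the weekday test applies to the day the 8 PM shift starts, which decides how the hours after midnight are treated.

```python
from datetime import datetime, time

# Constructed sample data: attribute names, role names and the MAC address are
# illustrative assumptions, not Policy Manager namespaces or rule syntax.
PRINTERS = {"00:11:22:33:44:55"}            # stands in for a static host list

def night_shift(ts, start=time(20, 0), end=time(5, 0)):
    """8 PM to 5 AM window that wraps past midnight.

    Assumption: "on weekdays" refers to the day the shift starts, so
    Saturday 02:00 (shift began Friday) matches and Monday 02:00 does not.
    """
    if ts.time() >= start:
        return ts.weekday() < 5                 # Mon=0 .. Fri=4
    if ts.time() < end:
        return (ts.weekday() - 1) % 7 < 5       # shift began the previous day
    return False

# Each rule is (role, predicates); every predicate must hold for the role to apply.
RULES = [
    ("Engineering", [lambda r: r.get("department") == "Engineering"]),
    ("San Jose Night Shift Worker", [
        lambda r: r.get("department") == "Engineering",
        lambda r: r.get("device_location") == "San Jose",
        lambda r: "time" in r and night_shift(r["time"]),
    ]),
    ("Printer", [lambda r: r.get("mac") in PRINTERS]),
]

def map_roles(request):
    """Reduce a request's attributes to the list of roles whose rules all match."""
    return [role for role, conds in RULES if all(c(request) for c in conds)]

if __name__ == "__main__":
    req = {"department": "Engineering", "device_location": "San Jose",
           "time": datetime(2024, 3, 9, 2, 0)}  # Saturday 02:00, shift began Friday
    print(map_roles(req))
```

A request that matches no rule yields an empty list here; what access an unmatched request receives is a policy decision this model leaves open.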