Users Guide
154 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
Figure 95: Role Mapping Process
Configuring a Role Mapping Policy
After authenticating a request, an Policy Manager
Service
invokes its
Role Mapping Policy,
resulting in assignment of
a role(s) to the client. This role becomes the identity component of Enforcement Policy decisions.
NOTE: A service can be configured without a Role Mapping Policy, but only one Role Mapping Policy can be configured for each
service.
Policy Manager ships with the following pre-configured roles:
l [Contractor] - Default role for a Contractor
l [Employee] - Default role for an Employee
l [Guest] - Default role for guest access
l [Other] - Default role for other user or device
l [TACACS API Admin] -API administrator role for Policy Manager admin
l [TACACS Help Desk] - Policy Manager Admin Role, limited to views of the Monitoring screens
l [TACACS Network Admin] - Policy Manager Admin Role, limited to Configuration and Monitoring UI screens
l [TACACS Read-only Admin] - Read-only administrator role for Policy Manager Admin
l [TACACS Receptionist] - Policy Manager Guest Provisioning Role
l [TACACS Super Admin] - Policy Manager Admin Role with unlimited access to all UI screens
NOTE: Additional roles are available with AirGroup and Onboard licenses
You can also configure other roles. Refer to "Adding and Modifying Roles " on page 158.
Configuring a Role Mapping Policy
After authenticating a request, an Policy Manager
Service
invokes its
Role Mapping Policy,
resulting in assignment of