Users Guide
a role(s) to the client. This role becomes the identity component of
Enforcement Policy
decisions.
NOTE: A Service can be configured without a Role Mapping Policy, but only one Role Mapping Policy can be configured for each
service.
Policy Manager ships with the following pre-configured roles:
l [Guest] - Role for guest access
l [TACACS Help Desk] - Policy Manager Admin Role, limited to views of the Monitoring screens
l [TACACS Network Admin] - Policy Manager Admin Role, limited to Configuration and Monitoring UI screens
l [TACACS Receptionist] - Policy Manager Guest Provisioning Role
l [TACACS Super Admin] - Policy Manager Admin Role with unlimited access to all UI screens
You can also configure additional roles. Refer to "Adding and Modifying Roles " on page 158 for more information.
Adding and Modifying Role Mapping Policies
From the Services page (Configuration > Service), you can configure role mapping for a new service (as part of the
flow of the Add Service wizard), or modify an existing role mapping policy directly (from the Configuration >
Identity > Role Mappings page).
Figure 96: Role Mapping Policies
When you click Add Role Mapping from any of these locations, Policy Manager displays the Add Role Mapping
popup, which contains the following three tabs:
l Policy
l Mapping Rules
l Summary
Policy Tab
The Policy tab labels the method and defines the Default Role (the role to which Policy Manager defaults if the
mapping policy does not produce a match for a given request).
Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 155