Creating Custom Roles and Assignments in iManager 2.x


eDirectory administration can easily be handled by a single entity depending on the size and stabilization of your tree. Delegating various tasks to "qualified" groups and individuals can improve your environment by:

  • Freeing up your time to perform other duties like projects and enhancements.

  • Helping others learn eDirectory and grow professionally.

  • Restricting less knowledgeable individuals/groups from having "Accidents" in the tree.

First, log in to iManager as a user with all Roles/Tasks assigned (Admin).

Then complete the steps in the following sections to achieve that delegation.

Creating the Property Book

1. Click the Configure icon at the top of the page.

2. Expand Role Based Services on the left menu.

3. Click RBS Configuration.

4. In the list under the 2.x Collections tab, click Role Based Service 2.[org].

5. Click the Property Book tab.

Figure 1 - RBS Property Book tab

6. Click New.

Figure 2 - Naming the Property Book

7. Enter the Name of the new Property Book.

8. Click the picklist arrow and select which Module you wish to place the new Property Book in (such as iPrint.Role Based Service 2.[org] for printer-specific tasks).

9. Enter a Description, if desired. This is especially helpful if you have more than one administrator.

10. Allow multiple object editing allows multiple (users, printers, etc.. ) to be selected and modified simultaneously (such as for changing password length on multiple users instead of one at a time).

Figure 3 - Selecting object types

11. Find the Object Type you wish to assign to this new Property Book. Click the blue arrow to add it to 'Assigned Object Types'. Note: Available Object Types will depend on which Module you selected previously. The image above denotes object types for the module Base.Role Based Service 2.[org].

Figure 4 - Selecting pages

12. Find the Object Attributes under Available Pages that you want the new Property Book to be able to modify (such as User Identification (Telephone, Location, etc.)).

13. Click the blue arrow to add them to Assigned Pages.

Figure 5 - Selecting roles

14. Assigning a Role under Available Roles is optional at this point. You may wish to create a new role later and assign it then, unless you want to use an existing Role.

Figure 6 - Property Book summary

15. Click Finish, if you're satisfied, or Back to make changes.

16. Click OK.

Creating a New Role

To create a new Role for your new Property Book, follow these steps:

1. Click the Configure icon at the top of the page.

2. Expand Role Based Services on the left menu.

3. Click RBS Configuration.

4. In the list under the '2.x Collections' tab click 'Role Based Service 2.[org].

5. Click the Role tab.

Figure 7 - RBS Role tab

6. Click New, then click iManager Role

Figure 8 - Naming the new role

7. Enter the name for the new Role.

8. Enter a Description (optional).

9. Find the Property Book you created under 'All Tasks'. Click the blue arrow to add to 'Assigned Tasks'.

Figure 9 - Choosing the task

Note: When scrolling through the list, make note of the Rights Advisory. Some tasks require Supervisory rights, and that might not be what you want to give the new Role.

Assigning a Category is optional. It is useful in organizing your tasks and if the users who will be using this role have multiple responsibilities.

Figure 10 - Assigning Categories

Figure 11 - Assigning Members and Scopes

Assigning this new Role to users/groups is optional and can be assigned later (such as when a new group needs to be created first before assignment).

If you do wish to assign it now,

a) Browse/search the tree and select the target object.

b) Browse and select the object defining the scope of the Role assignment. Ex: you only want the users assigned this Role to be able to modify other users in a specific Organization Unit and below. Then you could choose that OU as the scope. If you have multiple OU's with objects that need to be included in this Role, be sure to add them in the Scope.

c) If you don't want the Role to inherit the rights to sub-containers of the scope, uncheck the Inheritable box.

Figure 12 - Create Roles summary

10. Click Finish, if you're satisfied or Back to make changes.

11. Click OK.


Next we show what the end result looks like with a test run.

1. Log out of iManager and login as a user you assigned this n

ew Role you created. Once logged in, you should only see what you have assigned to that user.

Figure 13 - Roles and Tasks view

Notice that the Help Desk Level 1 is the only option available. Now let's look at what User attributes this person can modify/view. We see only the General tab and Identification attributes we specified in the Property Book we created.

Figure 14 - Roles and Tasks, General tab

As part of the testing process, let's see if we can change anything.

2. Change the Telephone Number field and click Apply.

Figure 15 - Modifying fields

iManager has told us that our changes have been successful.

3. Try to modify an object outside of the scope.

Figure 16 - Unmodified fields

The screen looks the same, except that all the fields are grayed out and no modifications can be made.

This test shows us that our new Role is functioning like we wanted and is now ready for use.


This is a small example of what can be done with Roles and Assignments. I suggest creating a lab tree environment and try the many different possibilities that are in addition to the predefined Roles and Tasks that are included with iManager. Have fun!



How To-Best Practice
Comment List