To effectively use Authorization Manager to control access to resources, you must define which groups of users are associated with which roles. To assign an application group to a role, use the following procedure.

You must be assigned to the Authorization Manager Administrator user role to complete this procedure. By default, Administrators is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.

Assign an application group to a role
  1. If necessary, open Authorization Manager.

  2. If necessary, open or create an authorization store.

  3. In the console tree, right-click Role Assignments, under either an application or a scope, and click New role assignment. The Role Assignments folder is used as a container to link groups to roles. Not all roles have groups associated with them because roles can be combined into larger roles.

  4. Select the role to which you want to assign groups by selecting the check box beside the name of the role definitions, and then click OK. The same role definition can be added to the Role Assignments container more than once. This allows flexibility in managing your assignments.

  5. If desired, change the display name of the role assignment by right-clicking it in the list of role assignments, click Properties, and type the new display name.

  6. In the list of role assignments, right-click the role assignment from the previous steps, point to Assign Users and Groups, and then click From Authorization Manager.

  7. Select the desired members from the Add Groups dialog box by selecting the check box beside each desired member.

  8. Click OK.

Additional considerations

Additional references