Role-Based Access Control

Role-based access control allows administrators to assign users and permissions to roles. These roles are defined within the context of a realm, which is an application or group of applications. Role-based access control features have been built into Security Center as its own realm, and administrators can assign users to Security Center roles. Administrators can also create new roles and assign permissions and users to those roles.

Role-based access control in Security Center is disabled by default. To enable it, find the sample Security Center realms under “Application Realm Management” in the “MCP User Account Management” module. Find an appropriate sample, and save it. The sample files are XML, so they can be edited and customized to fit the environment.

After the sample realm has been edited, you can import the Security Center realm. After a successful import, role-based access control is enabled. Instructions on how to do this are specified in the Security Center Help.

When role-based access control is enabled, users can select a preferred role that will automatically be used at login. If a user is assigned to multiple roles, then the user can change his or her current role without having to log out and log back in.

Administrators can create or remove roles as they see fit. However, the permissions are static and defined by Unisys, and they should never be deleted. If a permission is deleted accidentally, re-import the edited Security Center sample. The deleted permission is added back into the realm.

Security Center software updates might add new permissions. These new permissions are listed in the ReadMe.txt file supplied with the installer, and are added to the realm by installing the latest Security Center software or by importing the permissions from a new sample realm.

Utility interfaces are available to return information about entries in the RBAC database. Many of the interfaces require the caller to pass an ARRAY parameter in which the information is returned. If the array is not large enough to accommodate all the information, it is resized.