You can edit a console user role in the following ways:

  • You can add and subtract permissions at the feature level for the built-in console user roles, and for any custom role shown on the Login Accounts: User Roles tab.
  • If you have AD mapping enabled, you can change the AD security group that is mapped to a console login user role.
  • You can change the policies this role provides permissions for.
  • You can enable a user role, activating the ability of user accounts assigned this role to access the console, or you can disable the role, removing the permissions it provided to the user (unless another role assigned to the user provides the same permissions).
  • You can edit the optional Description for a group.

Edit a User Role

You can use this procedure to change permissions or other properties of a console user role.

Procedure

  1. In the console menu, click the Settings (gear) icon and choose Login Accounts. The Login Accounts page appears.
  2. Click the User Roles tab.
  3. On the Login Accounts: User Roles page, click the View Details button for the user role whose privileges you want to change.

    The Edit User Role page appears.

    The Edit User Role page showing the current permissions

  4. On the Edit User Role page, review the current permissions.

    Permissions with checkmarks in the right column are enabled; permissions with an empty checkbox are disabled.

    Click the checkbox for any capabilities whose status you want to change.

  5. If you want to change the policies to which the permissions for this role are granted, make those changes in the Scope of Policy Permissions panel.
  6. Review the Description field and make any changes to this information.
  7. Click the Save button at the bottom of the page to save your changes.