Troubleshooting guide
30 1: Important RSA Authentication Manager 8.1 Changes
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Increased Administrative Scoping
The version 8.1 administrative model is built on the concepts of roles, permissions,
and scope. Authentication Manager includes predefined administrative roles, and you
can create custom roles. For more information, see Predefined Administrative Roles
on page 31.
The following table describes the elements that define administrators.
An administrative role has two components:
• A collection of permissions based on a job function profile.
Permissions are equivalent to task lists in version 6.1.
• The scope in which the permissions apply.
Scope functions in the same way as it did in version 6.1. However, scoping in
version 8.1 is much more flexible. You can refine or expand the scope based on
the security domain hierarchy. In version 6.1, you are limited to realm, site, or
group scope.
You can assign administrative roles to any user in your scope. The user can perform
the administrative actions specified by the role within the specified security domain.
You may assign more than one administrative role to an administrator.
For more information about administrative roles in version 8.1, the chapter “Preparing
RSA Authentication Manager for Administration” in the RSA Authentication Manager
8.1 Administrator’s Guide.
Element Controls
Role What an administrator can manage. For example, user accounts.
Permission What an administrator can perform. For example, assign tokens to users.
Scope The boundaries of an administrator’s authority. Scope is limited by the
security domain.