Once you have created and configured the host, user and device groups, create the roles associated with these groups.
- Select Policy > Roles.
- Click Add at the bottom of the Roles View.
- In the Name field, enter a name for the new role. If this role corresponds to an LDAP attribute value, the spelling of the role name must be an exact match for the data contained in the user's directory record and you do not need to select a group in the Groups field.
- Click the Select button next to the Groups field. Choose one or more user or host groups by clicking on the names in the All Groups column and clicking the right arrow to move them to the Selected Groups column. Click OK to continue.
- If you are creating a role that you do not want to have automatically assigned, but wish to assign manually or through the captive portal, then do not enter any groups.
- Click in the Note field to add any user defined information needed for this role.
- Click OK to save the role.
- If this role will be used to control network access for hosts managed in Topology View and devices, go to the Network Device Roles View and configure the role mapping there. See Network device roles.