Share via


New Role Definition Dialog Box

Applies To: Windows Server 2008

Important

Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.

  The following table describes the UI elements for this dialog box.

Item Description

Name

Provides a space for you to type the name of the new role definition (for example, Account Manager).

A role definition is a collection of permissions in tasks and operations. You are prevented from entering a name that already exists in this scope. It cannot contain any of the characters \ / : * ? " < > | and [tab]. The name of a role definition has a maximum size limit of 64 bytes.

Description

Provides a space for you to type the description of the new role definition.

The description does not affect the functionality of Authorization Manager and should be meaningful to you. The description has a maximum size limit of 1024 bytes.

Add

Adds a task to the role definition (for example, "Change Password").

A task is a collection of operations required to do specific types of work that are meaningful to the administrator.

Remove

Removes the selected task or role from the definition. To make this button available, click an item in the list.

The tasks and lower-level roles that define this role

Lists the tasks and lower-level roles that define this role. For example, a task called "Reset Password" might be part of a role called "Account Manager."

Authorization Rule

Click to create an authorization rule for the role definition. An authorization rule is written in Visual Basic Scripting Edition (VBscript) or Jscript, and makes an authorization decision based on application group membership, and whatever application-specific data is relevant and current when the script is run.

Additional references