I found that the delegated administration steps can be a little complicated to do the first time, so I’m making a note of it here for future reference, and to hopefully help others:
Configuring the Administrative Roles for the Tivoli Security Policy Manager Console.
- Create a User.
- Add the user to the tspm_user group in LDAP.
- Add the user to the TIP Administrative Role “TSPMUserRole”
- (On the TSPM ISC – not TIP) Open the TSPM Application, and select “Security role to user/group mapping” and add the new user to the SecurityAdministrator Role.
- Create a Group for every Role.
- Map the new group to the SecurityAdministrator Role.
- Make the new group a member of the tspm_users group.
- Map the Roles to the appropriate groups. Once mapped, add the TSPMUserRole administrative Role to the group. (Should already exist).
Then all you need to do is add the person to the specific roles group.