How do I grant 'View Only' rights to the DRA Security Model? (NETIQKB52425)

How do I grant 'View Only' rights to the DRA Security Model?

How do I grant 'View Only' rights to the Delegation Management, Policy and Automation Management and Configuration Management nodes in DRA?
What permissions can I set for the Delegation Management, Policy and Automation Management, and Configuration Management nodes in DRA?

What is the Audit All Objects Role used for?

It is possible to delegate View Only or Audit rights to the Delegation Management, Policy and Automation Management, and Configuration Management nodes in the Delegation and Configuration console in Directory and Resource Administrator (DRA).  To do so:

1. Launch the Delegation and Configuration console with an account that is a member of DRA Admins.
2. Under Delegation Management, select ActiveViews and right-click the All Objects ActiveView and select Properties.
3. Select Assignments and then click Add and Delegate....
4. Click Add and select the User, Group or Assistant Admin Group desired and click Next.
5. Click Add and Roles and search for the 'Audit All Object' role.
6. Click Add and OK then click Next.
7. Click Next and Finish.

This additional assignment to the All Object ActiveView will allow non-DRA Admins the ability to Audit or have 'View Only' capabilities in the Delegation Management, Policy and Automation Management, and Configuration Management nodes in DRA. 

It is not possible to seperate the Audit All Objects scope into just the individual nodes.  Delegating this role will include all nodes (including the Account and Resource Management node) for auditing purposes.

Formerly known as NETIQKB52425