When running an AdminUI, one might like to know how to create an
administrator that has read-only permissions.
At first glance, to create a Legacy Administrator, the following
objects should be created in this order: Workspace (1), Legacy
Administrator (2), Administrator (3).
Here is a sample of how to do it.
To create a Legacy Administrator with read-only permissions:
- Go to the AdminUI;
- Go to Administrator / Workspaces;
- Click on "Create Workspace";
- In Name, give a name to the new workspace;
- Click on "Lookup";
- In the "Search for objects of type" drop down list, select each item
you want the new admin to have access to, and click "Search";
- Select all the sub-items you want the new admin to have access to;
- Click "Select";
- Select "Read-Only" for each of the sub-items you want to be
read-only;
- Click "Submit";
- Go to Administrator / Legacy Administrator;
- Click "Create Legacy Administrator";
- Select "Create a new object of type Legacy Administrator";
- In Name, give a name to your new administrator;
- Select "CA Single Sign-On Database";
- In "Password", give a password;
- In "Confirm Password", give the password you defined above;
- Keep all other fields as is with default values;
- Click "Submit";
- Go to Administrator / Administrators;
- On the line of the new administrator defined above, click on the
pencil sign to edit it;
- In the drop down list "Workspace", select the workspace you
defined above;
- In the "Rights" section, click "Add" button;
- Select all the Items you want the Admin to have access to;
- Click "OK";
- In the "Rights" section, check the "V" field for each item you
want the new admin to View, keeping all the other columns
unselected;
- Click "Submit";
- Give a comment if you want to;
- Click "Yes";
- If you want to extend the new admin created above to have read-only
access to other objects, then just add them in the workspace.
- Go again to Administrator / Workspaces;
- On the workspace you created above, click on the pencil to edit
it;
- Select all the objects you want as read-only;
- Click on Lookup to add other objects;
- Click "Submit" to save modifications;
Edit a second time after the changes, in order to ensure that all
items and sub-items are checked as read-only.
Sign out the current user and log in with the new administrator that
has just been created.
(1) Create a Workspace
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/administrators/create-a-scoped-administrator.html
(2) Create a Legacy Administrator
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/administrators/create-a-legacy-administrator.html
(3) Create an Administrator
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/administrators/create-an-administrator.html