3/6/2008
Eric Low
Because iPrint lacks any good and straightforward way for users
to manage print jobs, I needed to let them into iManager to have a reliable
way to do it. However, I also didn't want them having the run of the
place. So, a little iManager customization! This is for iManager
2.7 on OES SP4.
Quick and dirty configuration for a minimal
iManager role (Property Book):
In iManager, click the "Configure" button up top (the
guy sitting at the desk), then expand the Role Based Services
section on the left and click RBS Configuration. Under
iManager 2.x Collections, click New -> Collection and Setup.
Enter a descriptive name (which will be created in eDirectory)
and then the context (container) in which it should be
stored. Deselect all modules; we will install what we want later.
Select that container as the scope as well. Uncheck Assign
Rights as well as Inheritable.
Click Start. Go back to RBS Configuration, select that
Collection, and click Edit.
From the Module tab, click New. Name: PrintJobCancellerModule.
The Context is actually the name of the Collection
that we are creating/editing.
From the Role tab, click New -> iManager Role.
Role Name: Printing. No available tasks, so none assigned. No
available categories, so none assigned. Assigned Members: Name:
PrintJobManagers (group created above). Scope: Printer's Container.
Property Book -> New. Name: Printer Console (this will display
in the left-hand menu). Module: PrintJobCancellerModule. Assigned
Object Types: NDPS Printer. Assigned Pages: Printer Control, Jobs,
Retained Jobs. Assigned Roles: Printing (the one we created in
the previous step).
Quick and dirty configuration for a minimal
iManager role (task) to administer passwords:
RBS Configuration -> iManager 2.x Collections -> New Collection
and Setup
* Name: CatiAccountManagement
* Container: Group's container
* Unselect all modules, then select Password Policies Modules.
Scope: Group's container. Uncheck Assign Rights.
RBS Configuration -> iManager 2.x Collections -> Edit CatiAccountManagement
collection
Module tab -> New
* RBS Module Name: CatiAccountManagementModule
* Context: CatiAccountManagement.container (the collection name
that we just created)
To allow users to Set Universal Password:
Role tab -> New iManager Role
* Role Name: Cati Account Management (the category that will display
in the left-hand navigation menu)
* Assigned Tasks: Set Universal Password
* Assigned Categories: None
* Assigned Members: Name: ResetCatiLockout (Group of which users
are members). Scope: NDS role's container. Uncheck Assign rights.
To allow users to clear Intruder Lockout:
Property Book tab -> New
* Property Book Name: Reset Password (the subcategory that will
show in the left-hand navigation menu)
* Module: CatiAccountManagementModule (the module that we just
created)
* Uncheck Allow multiple object editing
* Assigned Object Types: User
* Assigned Pages: Intruder Lockout
* Assigned Roles: Cati Account Management (the role we just created)
Here are some things about the different
tabs you'll encounter when editing a collection:
A Role is the category that shows up in iManager's left-hand
menu, which can be expanded to show the different items.
The Role Content is what shows up when you expand a Role
in the left-hand menu. You can click on these Role Content items
to get into certain areas of iManager. When you install a role,
it will install all of the Role Content items that are available.
Remove the ones that you don't want the user to have access to.
Member Associations is located under the Actions
pull-down menu under the Role tab. This is where you assign
the user or group that can perform this role, and the Scope
(the Context) in which they can do it. If Assign Rights
is checked, it will grant corresponding eDirectory rights as it
grants iManager rights. If this is not checked, you're on your
own to assign those eDirectory Rights.
Role Category Assignment is located under the Actions
pull-down menu under the Role tab. The categories group
related roles and tasks together. This is purely for organization
of the iManager interface that is presented to the user. If you remove
the category assignment, neither the Role nor the Role Assignment
will be removed from the left-hand navigation menu! It will, however,
be removed from the pull-down "Categories" menu at the
top of the left-hand navigation menu.
A Property Book defines what options are available to
a user (what tabs show up, and what sub-categories of those tabs
show up) once they click on a Role Content item from the
left-hand navigation window in iManager (available when you edit
the Page List of the Property Book). It also defines what
Object Types are available (in our case, "NDPS Printer"
is the only one assigned, under "Manage Printer").
The Modules are where the Property Book and tasks
are contained. If you're looking for property books or tasks that
aren't there, install the RBS Module for it under the Module
tab. If you delete a module from the collection, it will delete
the Tasks and Property Books that are contained within it as well.
The RBS Modules are objects in eDirectory; the RBS Tasks and
RBS Property Book objects are actually properties contained within
those objects. When you're creating an RBS Module and it asks
for the Context, this is actually the Collection
that you want to use it in. When a new Property Book is created,
the module that it should be contained in is selected.
A Task is a plug-in that performs a distinct management
function, such as creating a user or setting a password. iManager
lists the tasks by group in the navigation area on the left side
of the window. In my case, for print queue management, no tasks
are necessary and therefore none are installed in that collection.
A task seems to be for when you want to do something extremely specific
that you can't normally do with just a typical Property Book.
Creating a new task will bring you into the Plug-in Studio.
Categories group related roles and tasks together. If
you Edit Role Assignment, you'll see a list of assigned
roles, and available roles that can be added as assigned roles.
I assume that when you create a Task, you assign it to a Category
at that time.
The wizard steps you through naming the role; assigning tasks
and categories to the role; and assigning role members and scopes
to the role.
Notes:
* Intruder Lockout is located under the User Property
Book Object type
* The name of the Role that you created will be what is listed in the
left-hand navigation menu; the name of the Property Book will become
the description of the item listed under that section.
* Roles in eDirectory cannot be used to assign members to RBS roles
in iManager. You must use groups instead.
* When iManager assigns NDS rights (having the Assign Rights
checkbox checked) to a group, it does not assign it to the group
itself, but rather, to the individual members of the group.
* My users were still able to see the Configure Button in iManager,
even though they were not listed as a user in sys:/tomcat/5.0/webapps/nps/WEB-INF/configiman.properties
(which is how this is supposed to be restricted). To actually remove
that button, I went into Configure -> Views -> iManager Views
and switched the setting on that button from "Do not set"
to "Hide" on the user's container. Then,
the button finally disappeared.
* If you install a new .NPM file in iManager, you must install
the RBS Module afterwards to make the new tasks associated with the
plug-in available in iManager.
* Most of the changes you make in RBS Configuration will not
appear or disappear until the user exits and re-authenticates to iManager!
* The "Password Management" NDS attribute is what allows
a user to change another user's password.
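
Because Assign Rights puts the trustee assignments on the individual members rather than on the group (see the note above), it is worth comparing who actually holds rights on the scope container against who is in the group. The check below is an added example, not part of the original notes; it assumes ACL values exported from the container as `privileges#scope#trustee#attribute` strings, and the function names and every DN in it are constructed.

```python
# Added example: compare direct trustee assignments with group membership.
# Assumptions: ACL values exported from the scope container look like
# "privileges#scope#trustee#attribute"; every DN below is constructed.

def parse_acl(value):
    """Split one ACL value into its four '#'-separated fields."""
    parts = value.split("#", 3)
    if len(parts) != 4 or not parts[0].isdigit():
        raise ValueError(f"unexpected ACL value: {value!r}")
    return {"privileges": int(parts[0]), "scope": parts[1].lower(),
            "trustee": parts[2].strip().lower(), "attribute": parts[3]}

def audit_trustees(acl_values, group_dn, members, ignore=()):
    """Classify trustees on a container relative to one RBS member group."""
    group_dn = group_dn.lower()
    members = {m.lower() for m in members}
    skip = {t.lower() for t in ignore}
    trustees = {}
    for value in acl_values:
        acl = parse_acl(value)
        if acl["trustee"].startswith("[") or acl["trustee"] in skip:
            continue  # special trustees and administrators known to be fine
        trustees.setdefault(acl["trustee"], []).append(acl["attribute"])
    direct = set(trustees) - {group_dn}
    return {
        "group_is_trustee": group_dn in trustees,
        "members_with_rights": sorted(direct & members),
        "members_without_rights": sorted(members - direct),
        "trustees_outside_group": sorted(direct - members),
    }

# Constructed sample: ACL values on the printers' container.
SAMPLE_ACLS = [
    "1#subtree#[Root]#[Entry Rights]",
    "16#subtree#cn=admin,o=example#[Entry Rights]",
    "1#subtree#cn=alice,ou=staff,o=example#[Entry Rights]",
    "3#subtree#cn=alice,ou=staff,o=example#[All Attributes Rights]",
    "3#subtree#cn=bob,ou=staff,o=example#[All Attributes Rights]",
]
GROUP = "cn=PrintJobManagers,ou=Printers,o=example"
MEMBERS = ["cn=alice,ou=staff,o=example", "cn=carol,ou=staff,o=example"]

REPORT = audit_trustees(SAMPLE_ACLS, GROUP, MEMBERS,
                        ignore=["cn=admin,o=example"])

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

Anything listed under `trustees_outside_group` holds rights on the container without being in the group and should be reviewed by hand; `members_without_rights` are group members with no direct assignment of their own.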
* iManager 2.7 Administration Guide
* iManager RBS Configuration tips
* Good, to-the-point document on configuring iManager 2.6
* NDS rights required to unlock an intruder lockout