Before we get into Administrative Authorization Groups, let's first talk about roles. There are various roles that a user can have. One of the roles is Admin Security Manager. 

Users that have the Admin Security Manager role are allowed to perform certain security related tasks, such as updating administrative security and security domains. By creating an Administrative Authorization Groups, you can modify the things that users that have the Admin Security Manager role are allowed to do.

Create an Administrative Authorization Group

In the WebSphere admin console, expand Security and select Administrative Authorization Groups. Select New. Give the security domain a name, assign the group to  one or more components, and select OK.

In this example, a security authorization group named testingSD has been created.