ACCOUNT, LEADER, and SECURITY users can change selected logonid records in the limits specified through their SCPLIST field. A user is unrestricted if he has no SCPLIST field specified in his logonid record.
Here is some important information about security privileges and scope lists:
This user can insert, list, delete, and change logonid records in his SCPLIST. An ACCOUNT user without the SECURITY privilege cannot change or list the logonid record of a user with both the ACCOUNT and SECURITY privileges. A user with both of these privileges is more powerful than a user with only one. An ACCOUNT user normally maintains logonid records, but has no authority to write access rules.
This user can change selected fields of logonid records in his SCPLIST. This differs from the ACCOUNT privilege that lets a user change any logonid record field in his scope.
This user is a security administrator. He can list and change fields of logonid records for users in his SCPLIST. The security administrator cannot create (INSERT) new logonid records unless he also has the ACCOUNT privilege. An ACCOUNT user is responsible for maintaining logonid records, while a SECURITY user is responsible for writing and maintaining access rules and all records residing on the Infostorage database.
This field limits the logonid records a privileged user (a user with ACCOUNT, LEADER, or SECURITY) can access. For example, the Identification and Privileges portions of a logonid record for Ann Smith are:
TLCAMS AAPMGRGTLCAMS ANN SMITH EXT.458 PRIVILEGES ACCOUNT SCPLIST(ACCTMGR)
Ann has the ACCOUNT privilege so she can process logonid records.The SCPLIST field in her logonid record indicates that she is limited to creating and maintaining only the logonid records defined in the scope record named ACCTMGR on the Infostorage database.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|