Endpoint Administration Guide for UNIX › Scope of Administration Authority › Sub Administration › How to Grant Specific Administrative Privileges to Regular Users

How to Grant Specific Administrative Privileges to Regular Users

Because administrators—users with the ADMIN attribute—can execute almost all actions in CA Access Control, you may want to delegate specific administrative tasks to sub administrators. To do this, you need to grant those users with privileges to classes in the CA Access Control database that control the specific administrative tasks the user needs to perform as follows:

1. Identify one or more classes that control the tasks you want to delegate.

   For example, CA Access Control uses the USER and GROUP classes to create accessor resources. If you want to delegate accessor management, you then need to use the USER and GROUP records of the ADMIN class.

2. Authorize one or more sub administrator to the applicable resource of the ADMIN class.

   For example, to let a sub administrator view and modify user records, grant the user with read and modify access to the USER record of the ADMIN class.