When you install CA ControlMinder, you are asked to name one or more CA ControlMinder administrators. CA ControlMinder administrators have the authority to modify all or part of the rules database. You should have at least one full‑authority administrator. This administrator can modify or create access rules freely and can designate other levels of administrators.
Once you have defined users for your system, you can assign administrative authority to other users by assigning the ADMIN attribute to them.
Note: A user with the ADMIN attribute possesses powerful authority. Consequently, the number of ADMIN users should be strictly limited. It is also a good policy to separate the roles of the native superuser and ADMIN, removing the ADMIN attribute from the superuser after you have set up one or more CA ControlMinder security administrators.
Because you always need at least one user with authority to manage the database, CA ControlMinder does not let you delete the last user that has the ADMIN attribute.
If you expect any of the CA ControlMinder administrators to be administering other hosts from this workstation, be sure that a rule in the database on that host gives them READ and WRITE access from this workstation.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|